
Computer slowing down, disk seems to spin all night long....



#1
rayl54292


Generally have to reboot to get back to normal speed. Cleaned up PC a couple of months ago with help from Geeks to Go, but seems headed back to slowness mode.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.11.2018
Ran by ray (administrator) on WINDOWS-R5DKETL (16-11-2018 15:31:03)
Running from C:\Users\ray\Desktop
Loaded Profiles: ray (Available Profiles: ray & Administrator & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\Run: [QuickLaunch] => C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe [12800 2018-09-12] (Charles Schwab & Co., Inc.)
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
CHR HKU\S-1-5-21-1907028208-728727157-4186076341-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2B08E5F1-4978-4815-91A4-BBC94D9D4F63}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{4F76FD65-1DE2-4091-884B-2DC03D80D152}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C5CD9B80-A567-465A-A5CD-AF70F9737DBE}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2018-10-02] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2018-10-02] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2018-10-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2018-10-02] (AO Kaspersky Lab)
Handler: WSIEChrome - No CLSID Value
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-08-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1907028208-728727157-4186076341-1002: @citrixonline.com/appdetectorplugin -> C:\Users\ray\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-09] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01","hxxp://www.msn.com/?pc=AV01","hxxp://www.google.com/"
CHR Profile: C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default [2018-11-16]
CHR Extension: (File Converter) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2014-11-03]
CHR Extension: (Kaspersky Protection) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-08-25]
CHR Extension: (Google Drive) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Adobe Acrobat) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-25]
CHR Extension: (PDF to Word Converter App) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2014-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-25]
CHR Profile: C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default [2018-11-16]
CHR Extension: (Slides) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-29]
CHR Extension: (Kaspersky Protection) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-08]
CHR Extension: (Docs) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-29]
CHR Extension: (Google Drive) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-08]
CHR Extension: (YouTube) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-29]
CHR Extension: (Adobe Acrobat) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-29]
CHR Extension: (Sheets) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-08-29]
CHR Extension: (PDF to Word Converter App) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2018-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-29]
CHR Extension: (Gmail) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-29]
CHR Extension: (Chrome Media Router) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-13]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-1907028208-728727157-4186076341-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [416560 2018-08-25] (AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2015-08-18] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-18] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-02] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2018-10-02] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2018-10-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [220472 2018-10-02] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-02] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113912 2018-10-02] (AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-10-02] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [161080 2018-07-19] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2017-10-13] (Apple Inc.) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 radpms; \SystemRoot\system32\DRIVERS\radpms.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-16 15:31 - 2018-11-16 15:31 - 000014906 _____ C:\Users\ray\Desktop\FRST.txt
2018-11-16 15:30 - 2018-11-16 15:31 - 000000000 ____D C:\FRST
2018-11-16 15:30 - 2018-11-16 15:30 - 002416128 _____ (Farbar) C:\Users\ray\Desktop\FRST64.exe
2018-11-16 15:30 - 2018-11-16 15:30 - 000000000 ____D C:\Users\ray\Desktop\FRST-OlderVersion
2018-11-16 15:29 - 2018-11-16 15:29 - 002416128 _____ (Farbar) C:\Users\ray\Downloads\FRST64.exe
2018-11-16 15:18 - 2018-11-16 15:18 - 000007590 _____ C:\Users\ray\Documents\cc_20181116_151838.reg
2018-11-15 18:29 - 2018-11-15 18:29 - 001055653 _____ C:\Users\ray\Downloads\140D8119Q0003_attachment (2).pdf
2018-11-15 18:27 - 2018-11-15 18:27 - 001055653 _____ C:\Users\ray\Downloads\140D8119Q0003_attachment (1).pdf
2018-11-15 18:19 - 2018-11-15 18:19 - 001055653 _____ C:\Users\ray\Downloads\140D8119Q0003_attachment.pdf
2018-11-15 18:19 - 2018-11-15 18:19 - 000096322 _____ C:\Users\ray\Downloads\Sol_140D8119Q0003.pdf
2018-11-15 18:17 - 2018-11-15 18:17 - 000096229 _____ C:\Users\ray\Downloads\Sol_140D8119Q0002.pdf
2018-11-15 16:48 - 2018-11-15 16:48 - 003748823 _____ C:\Users\ray\Downloads\download.pdf
2018-11-15 00:44 - 2018-11-15 00:44 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 20:16 - 2018-11-14 20:24 - 000066010 _____ C:\Users\ray\Desktop\GSA Price List.pdf
2018-11-14 19:59 - 2018-11-14 19:59 - 000046255 _____ C:\Users\ray\Desktop\Ben TrollopeH3 X12.pdf
2018-11-14 19:22 - 2018-11-14 19:22 - 000046180 _____ C:\Users\ray\Desktop\Ben Trollope HX8.pdf
2018-11-14 19:20 - 2018-11-14 19:20 - 000046174 _____ C:\Users\ray\Desktop\Ben Trollope H X12.pdf
2018-11-14 19:18 - 2018-11-14 19:21 - 000046180 _____ C:\Users\ray\Desktop\Ben Trollope X12.pdf
2018-11-14 08:43 - 2018-11-02 12:48 - 000835168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-14 08:43 - 2018-11-02 12:48 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-14 00:36 - 2018-10-24 16:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2018-11-14 00:36 - 2018-10-24 16:51 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2018-11-14 00:36 - 2018-10-24 16:46 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 00:36 - 2018-10-24 16:45 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 00:36 - 2018-10-17 18:48 - 025737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 00:36 - 2018-10-17 18:17 - 020281344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 00:36 - 2018-10-15 19:46 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 00:36 - 2018-10-15 19:39 - 002171800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 00:36 - 2018-10-15 19:39 - 001662504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 00:36 - 2018-10-15 19:39 - 001063368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 00:36 - 2018-10-15 19:18 - 001137472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 00:36 - 2018-10-15 19:02 - 001563584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 00:36 - 2018-10-15 19:02 - 001214920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 00:36 - 2018-10-12 12:35 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 00:36 - 2018-10-12 12:26 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 00:36 - 2018-10-12 12:25 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-11-14 00:36 - 2018-10-12 12:22 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-11-14 00:36 - 2018-10-12 12:17 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-11-14 00:36 - 2018-10-12 12:16 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-11-14 00:36 - 2018-10-12 12:16 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-11-14 00:36 - 2018-10-12 12:03 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 00:36 - 2018-10-12 12:00 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-11-14 00:36 - 2018-10-12 11:59 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 00:36 - 2018-10-12 11:57 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-11-14 00:36 - 2018-10-12 11:56 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-11-14 00:36 - 2018-10-12 11:51 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 00:36 - 2018-10-12 11:47 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-11-14 00:36 - 2018-10-12 11:42 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-11-14 00:36 - 2018-10-12 11:38 - 001330176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 00:36 - 2018-10-12 11:36 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-11-14 00:36 - 2018-10-11 18:16 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dispex.dll
2018-11-14 00:36 - 2018-10-11 18:12 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-11-14 00:36 - 2018-10-11 18:10 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 00:36 - 2018-10-11 18:10 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-11-14 00:36 - 2018-10-11 18:01 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-11-14 00:36 - 2018-10-11 17:59 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 00:36 - 2018-10-11 17:59 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-11-14 00:36 - 2018-10-11 17:58 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-11-14 00:36 - 2018-10-11 17:58 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-11-14 00:36 - 2018-10-11 17:35 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-11-14 00:36 - 2018-10-11 17:30 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-11-14 00:36 - 2018-10-11 17:27 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-11-14 00:36 - 2018-10-11 17:27 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-11-14 00:36 - 2018-10-11 17:25 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 00:36 - 2018-10-11 17:19 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-11-14 00:36 - 2018-10-11 17:17 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 00:36 - 2018-10-11 17:12 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-11-14 00:36 - 2018-10-11 17:06 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 00:36 - 2018-10-11 16:55 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-11-14 00:36 - 2018-10-06 10:14 - 001547192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 00:36 - 2018-10-06 10:14 - 000388536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 00:36 - 2018-10-06 10:04 - 001308976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 00:36 - 2018-10-06 10:03 - 000356288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 00:36 - 2018-10-06 08:48 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-11-14 00:36 - 2018-10-06 07:41 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-11-14 00:36 - 2018-10-06 07:34 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-11-14 00:36 - 2018-10-06 07:32 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 00:36 - 2018-09-28 05:38 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 00:36 - 2018-09-28 05:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 00:36 - 2018-09-23 08:47 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 00:36 - 2018-09-23 08:45 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-11-14 00:36 - 2018-09-23 08:45 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2018-11-14 00:36 - 2018-09-23 08:37 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 00:36 - 2018-09-23 08:24 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 00:36 - 2018-09-23 08:23 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-11-14 00:36 - 2018-09-23 08:23 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 00:36 - 2018-09-23 08:20 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 00:36 - 2018-09-23 08:17 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 00:36 - 2018-09-23 08:00 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-11-14 00:36 - 2018-09-23 08:00 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-14 00:36 - 2018-09-23 07:58 - 000904192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 00:36 - 2018-09-23 07:56 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 00:36 - 2018-09-23 07:53 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-11-14 00:36 - 2018-09-23 07:51 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 00:36 - 2018-09-23 07:50 - 000709632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 00:36 - 2018-09-12 10:30 - 000137008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-11-14 00:36 - 2018-09-11 07:30 - 003718144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 00:36 - 2018-08-25 19:38 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 00:36 - 2018-08-25 19:38 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-11-14 00:36 - 2018-08-25 19:21 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 00:36 - 2018-08-25 19:21 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-11-14 00:36 - 2018-08-25 17:45 - 000513448 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 00:36 - 2018-08-25 17:45 - 000513448 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 00:36 - 2018-08-21 05:39 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 00:36 - 2018-08-21 05:35 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 00:36 - 2018-08-19 08:22 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-11-14 00:36 - 2018-08-19 07:52 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 00:36 - 2018-08-19 07:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-11-13 16:49 - 2018-11-13 16:49 - 003541149 _____ C:\Users\ray\Desktop\xFold Deck .pdf
2018-11-13 16:47 - 2018-11-13 16:48 - 003541149 _____ C:\Users\ray\Downloads\xFold Deck .pdf
2018-11-13 16:46 - 2018-11-13 16:46 - 003637142 _____ C:\Users\ray\Downloads\xFold Pitch Deck.pdf
2018-11-13 16:14 - 2018-11-13 16:14 - 000332988 _____ C:\Users\ray\Desktop\COGO UAS RFI.pdf
2018-11-13 16:14 - 2018-11-13 16:14 - 000279890 _____ C:\Users\ray\Desktop\DOIDFBO190010_Attachment.pdf
2018-11-13 16:13 - 2018-11-13 16:13 - 000332988 _____ C:\Users\ray\Downloads\COGO UAS RFI.pdf
2018-11-13 16:10 - 2018-11-13 16:10 - 000279890 _____ C:\Users\ray\Downloads\DOIDFBO190010_Attachment.pdf
2018-11-13 16:10 - 2018-11-13 16:10 - 000279890 _____ C:\Users\ray\Downloads\DOIDFBO190010_Attachment (1).pdf
2018-11-12 21:09 - 2018-11-12 21:09 - 000048363 _____ C:\Users\ray\Desktop\Ben Raviv x8.pdf
2018-11-12 21:09 - 2018-11-12 21:09 - 000048357 _____ C:\Users\ray\Desktop\Ben Raviv Hexa.pdf
2018-11-08 17:18 - 2018-11-08 17:18 - 000045977 _____ C:\Users\ray\Desktop\Factory PureX12.pdf
2018-11-08 17:13 - 2018-11-08 17:13 - 000045885 _____ C:\Users\ray\Desktop\Factory Pure Hybrid X8.pdf
2018-11-08 17:08 - 2018-11-08 17:08 - 000045976 _____ C:\Users\ray\Desktop\Factory PureX8.pdf
2018-11-07 14:58 - 2018-11-07 14:58 - 000166207 _____ C:\Users\ray\Downloads\Factory Prue.pdf
2018-11-07 14:26 - 2018-11-07 14:27 - 000048673 _____ C:\Users\ray\Downloads\Marque DeWinter - Quote.pdf
2018-11-07 10:09 - 2018-11-07 10:09 - 000046516 _____ C:\Users\ray\Downloads\Riah Media - Quote (1).pdf
2018-11-07 09:16 - 2018-11-07 09:16 - 000046711 _____ C:\Users\ray\Downloads\Riah Media - Quote.pdf
2018-11-06 12:52 - 2018-11-06 12:52 - 000001184 _____ C:\Users\Public\Desktop\StreetSmart Edge.lnk
2018-11-05 14:32 - 2018-11-05 14:34 - 300084913 _____ C:\Users\ray\Downloads\Aerial Deliverable Example-Reduced (1).pdf
2018-11-05 07:43 - 2018-11-05 07:43 - 002196633 _____ C:\Users\ray\Downloads\Untitled.pdf
2018-11-02 13:32 - 2018-11-02 13:32 - 000037248 _____ C:\Users\ray\Downloads\402553.pdf
2018-11-01 12:58 - 2018-11-01 12:58 - 000046404 _____ C:\Users\ray\Downloads\Blue Skies Dragon - Quote.pdf
2018-11-01 12:58 - 2018-11-01 12:58 - 000046385 _____ C:\Users\ray\Downloads\Blue Skies Cinema - Quote.pdf
2018-11-01 12:18 - 2018-11-01 12:18 - 000060022 _____ C:\Users\ray\Downloads\Brad Rohl x6 4K Generator.pdf
2018-11-01 12:18 - 2018-11-01 12:18 - 000060019 _____ C:\Users\ray\Downloads\Brad Rohl x6 2.4K Generator.pdf
2018-11-01 12:18 - 2018-11-01 12:18 - 000060019 _____ C:\Users\ray\Downloads\Brad Rohl x6 2.4K Generator (1).pdf
2018-11-01 12:18 - 2018-11-01 12:18 - 000060017 _____ C:\Users\ray\Downloads\Brad Rohl x8 4K Generator.pdf
2018-10-30 14:04 - 2018-10-30 14:04 - 000080709 _____ C:\Users\ray\Desktop\Front - Gallery - Agrowing.html
2018-10-30 14:04 - 2018-10-30 14:04 - 000000000 ____D C:\Users\ray\Desktop\Front - Gallery - Agrowing_files
2018-10-29 18:59 - 2018-10-29 18:59 - 126479712 _____ C:\Users\ray\Downloads\PRESENTACION T.O.P..pptx
2018-10-29 17:28 - 2018-10-29 17:28 - 000964875 _____ C:\Users\ray\Downloads\pegasus-brochure-fold-auvsi-2018.pdf
2018-10-29 17:19 - 2018-10-29 17:19 - 000045852 _____ C:\Users\ray\Desktop\Tyler X8.pdf
2018-10-29 17:18 - 2018-10-29 17:18 - 000045851 _____ C:\Users\ray\Desktop\Tyler.pdf
2018-10-29 17:17 - 2018-10-29 17:17 - 000047137 _____ C:\Users\ray\Downloads\Tyler - Quote.pdf
2018-10-29 16:49 - 2018-10-29 17:03 - 000045879 _____ C:\Users\ray\Desktop\kent nehemiah.pdf
2018-10-29 08:40 - 2018-10-29 08:40 - 000132269 _____ C:\Users\ray\Desktop\WhatsApp Image 2018-10-29 at 9.36.36 AM.jpeg
2018-10-23 06:18 - 2018-10-23 06:18 - 000000105 _____ C:\Users\ray\Downloads\ec2-18-224-95-22.us-east-2.compute.amazonaws.com (1).rdp
2018-10-22 14:23 - 2018-10-22 14:23 - 000043562 _____ C:\Users\ray\Desktop\HTC Dragon x8 Hybrid.pdf
2018-10-22 14:20 - 2018-10-22 14:20 - 000043464 _____ C:\Users\ray\Desktop\HTC x8 Battery.pdf
2018-10-22 14:17 - 2018-10-22 14:17 - 000043674 _____ C:\Users\ray\Desktop\McGill x8 Battery.pdf
2018-10-22 14:15 - 2018-10-22 14:15 - 000043913 _____ C:\Users\ray\Desktop\McGill Dragon x8 Hybrid.pdf
2018-10-22 14:11 - 2018-10-22 14:11 - 000043913 _____ C:\Users\ray\Desktop\McGill.pdf
2018-10-22 13:45 - 2018-10-22 13:45 - 000043863 _____ C:\Users\ray\Desktop\McGill Hexa Battery.pdf
2018-10-22 13:43 - 2018-10-22 13:43 - 000043909 _____ C:\Users\ray\Desktop\McGill Hexa Hybrid.pdf
2018-10-22 13:27 - 2018-10-22 13:27 - 000043587 _____ C:\Users\ray\Desktop\Blue Skies x8 Hybrid.pdf
2018-10-22 13:26 - 2018-10-22 13:26 - 000043596 _____ C:\Users\ray\Desktop\Blue Skies Hybrid.pdf
2018-10-22 13:24 - 2018-10-22 13:24 - 000043569 _____ C:\Users\ray\Desktop\Blue Skies x8.pdf
2018-10-22 13:17 - 2018-10-22 13:22 - 000043568 _____ C:\Users\ray\Desktop\Blue Skies.pdf
2018-10-19 06:49 - 2018-10-19 06:49 - 000000105 _____ C:\Users\ray\Downloads\ec2-18-224-95-22.us-east-2.compute.amazonaws.com.rdp
2018-10-19 06:26 - 2018-10-19 06:26 - 000000104 _____ C:\Users\ray\Downloads\ec2-13-58-51-85.us-east-2.compute.amazonaws.com.rdp
2018-10-18 17:53 - 2018-10-18 17:52 - 000000105 _____ C:\Users\ray\Desktop\ec2-18-224-27-33.us-east-2.compute.amazonaws.com.rdp
2018-10-18 17:52 - 2018-10-18 17:52 - 000000105 _____ C:\Users\ray\Downloads\ec2-18-224-27-33.us-east-2.compute.amazonaws.com.rdp
2018-10-18 17:32 - 2018-10-18 17:32 - 000000107 _____ C:\Users\ray\Downloads\ec2-18-224-199-214.us-east-2.compute.amazonaws.com.rdp
2018-10-17 19:18 - 2018-10-17 19:18 - 000286961 _____ C:\Users\ray\Downloads\Cities Digital Software Contract 20140926.pdf
2018-10-17 18:55 - 2018-10-17 18:55 - 000019545 _____ C:\Users\ray\Downloads\SOFTWARELICENSEPURCHASEAGREEMENT.pdf
2018-10-17 12:50 - 2018-10-17 12:52 - 300084913 _____ C:\Users\ray\Downloads\Aerial Deliverable Example-Reduced.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-16 15:28 - 2013-10-08 16:32 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1907028208-728727157-4186076341-1002
2018-11-16 15:27 - 2014-03-18 02:03 - 000800512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-16 15:27 - 2013-08-22 05:36 - 000000000 ____D C:\WINDOWS\Inf
2018-11-16 15:26 - 2013-11-26 16:54 - 000003802 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{67FFD65B-E88E-4862-A5FC-8FE64B1BD60A}
2018-11-16 15:25 - 2018-08-25 19:59 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-11-16 15:24 - 2016-07-02 11:45 - 000000000 ____D C:\Users\ray\OneDrive
2018-11-16 15:23 - 2018-09-30 07:37 - 000073728 ___SH C:\Users\ray\Desktop\Thumbs.db
2018-11-16 15:23 - 2014-09-28 15:25 - 000000581 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-11-16 15:23 - 2013-08-22 06:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-16 15:22 - 2013-08-22 05:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-11-16 09:47 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\rescache
2018-11-16 09:16 - 2018-09-24 16:14 - 000000312 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat
2018-11-16 09:16 - 2018-09-24 16:14 - 000000150 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2018-11-16 09:15 - 2013-08-22 06:44 - 000512600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-15 22:04 - 2013-08-22 05:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-11-15 16:00 - 2018-06-19 18:04 - 000000000 ____D C:\Users\ray\AppData\Roaming\WhatsApp
2018-11-15 14:13 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-14 08:49 - 2012-07-25 23:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-14 08:43 - 2013-10-10 02:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 08:40 - 2013-10-10 02:13 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-12 20:44 - 2018-09-24 20:23 - 000000630 _____ C:\WINDOWS\Tasks\TradeStation Backup - Monthly.job
2018-11-12 19:19 - 2013-12-26 14:32 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-09 21:17 - 2013-10-11 20:06 - 000000000 ____D C:\Program Files (x86)\TradeStation Archives
2018-11-08 15:42 - 2018-06-19 18:04 - 000000000 ____D C:\Users\ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-11-08 15:41 - 2018-06-19 18:03 - 000000000 ____D C:\Users\ray\AppData\Local\WhatsApp
2018-11-08 15:41 - 2018-06-19 18:03 - 000000000 ____D C:\Users\ray\AppData\Local\SquirrelTemp
2018-10-29 19:58 - 2018-09-25 16:24 - 000227840 ___SH C:\Users\ray\Downloads\Thumbs.db
 
==================== Files in the root of some directories =======
 
2013-10-08 17:59 - 2018-09-24 20:17 - 000000320 _____ () C:\Users\ray\AppData\Roaming\SEC2444679.trad
2016-04-20 14:38 - 2018-09-27 16:39 - 000007597 _____ () C:\Users\ray\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2018-11-16 09:26
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by ray (16-11-2018 15:32:01)
Running from C:\Users\ray\Desktop
Windows 8.1 (Update) (X64) (2014-05-08 13:17:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1907028208-728727157-4186076341-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1907028208-728727157-4186076341-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1907028208-728727157-4186076341-1029 - Limited - Enabled)
ray (S-1-5-21-1907028208-728727157-4186076341-1002 - Administrator - Enabled) => C:\Users\ray
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Python 2.7 tradingWithPython-0.0.12 (HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\tradingWithPython-py2.7) (Version:  - )
Python 2.7.8 (Anaconda 2.1.0 64-bit) (HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\Python 2.7.8 (Anaconda 2.1.0 64-bit)) (Version: 2.1.0 - Continuum Analytics, Inc.) <==== ATTENTION
Python 3.4.2 (64-bit) (HKLM\...\{cd723946-09c1-38d3-8542-732ba931e9ef}) (Version: 3.4.2150 - Python Software Foundation)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
RogueKiller version 12.12.30.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.30.0 - Adlice Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
StreetSmart Edge® (HKLM-x32\...\{5646676A-5A97-4B66-BE71-1B1770AD982B}) (Version: 1.58.133.0 - Schwab)
Trader Workstation (HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\5889-6375-8446-2021) (Version: latest (957.3j) 20160816 12:14:34 - Interactive Brokers LLC)
TradeStation 9.5 (HKLM-x32\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.3071 - TradeStation Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhatsApp (HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\WhatsApp) (Version: 0.3.1475 - WhatsApp)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2018-08-25] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2018-08-25] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2018-08-25] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2018-08-25] (AO Kaspersky Lab)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3CE2CE8D-F208-4F35-88E6-6C9F0CE6BF89} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {3EEF47F7-700E-4C5F-83F8-38AC957EA96C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-11-15] (AVAST Software)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6AC7DAD9-0607-4EDC-AA74-4B4E7D3C4C6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6E03C6A6-AEFF-4C1B-A925-CC122D8DBA73} - System32\Tasks\{F16AEFA7-4974-4E6F-963B-393C928B976D} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~1\DIFX\DF01F87AB9EE92B0\dpinst64.exe -c /d /u C:\WINDOWS\System32\DriverStore\FileRepository\boseusbcdc.inf_amd64_6171378ea1d78d98\boseusbcdc.inf
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {8208BC39-4C07-448F-93B1-2ECE1A192D6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {95235334-B72D-4E36-884A-7E5FB82D8718} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {952BC5DC-7CB7-4885-A3E9-2B8DF671B5D3} - System32\Tasks\{25486E99-F4F6-40EC-ACA3-71237145F7C3} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\ray\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveSetup.exe -c  /uninstall
Task: {9661AEF9-7A4D-4EE8-8313-40DA828D22BC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-08-25] (AO Kaspersky Lab)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2014-10-28] (Microsoft Corporation)
Task: {A98867F8-80F5-4927-9256-C7DC54CD86D6} - System32\Tasks\{56680DE8-C21B-4646-9C86-1657D18C8A86} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\MyPublicWiFi\unins000.exe"
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {DE281518-E746-4719-A9EE-6267D68D4094} - System32\Tasks\TradeStation Backup - Monthly => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [2018-01-05] (TradeStation Technologies, Inc.)
Task: {E404E7E0-E063-4214-9D5B-F24A99B0E42B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\TradeStation Backup - Monthly.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeM/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Monthly.tsb
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Web Applications\www.askvg.com\http_80\[Did You Know] Google Chrome Allows You to Pin Website Shortcuts on Windows Taskbar, Start Menu and Desktop - AskVG.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.askvg.com/did-you-know-google-chrome-allows-you-to-pin-website-shortcuts-on-windows-taskbar-start-menu-and-desktop/
ShortcutWithArgument: C:\Users\ray\AppData\Local\Google\Chrome\User Data\Backup Default\Web Applications\blog.laptopmag.com\http_80\How to Create a Desktop Shortcut to a Website in Chrome - LAPTOP.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://blog.laptopmag.com/how-to-create-desktop-shortcuts-for-web-pages-using-chrome
ShortcutWithArgument: C:\Users\ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Anaconda Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\ray\Anaconda\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Wakari (in the cloud).lnk -> C:\Users\ray\Anaconda\pythonw.exe () -> -m webbrowser -t "hxxps://www.wakari.io/"
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-11-12 19:19 - 2018-11-08 14:14 - 002669400 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\swiftshader\libglesv2.dll
2018-11-12 19:19 - 2018-11-08 14:14 - 000151384 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\swiftshader\libegl.dll
2018-08-25 20:00 - 2018-08-25 20:00 - 000864112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\com -> hxxp://*.Wondershare.com
IE trusted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\google.com -> hxxps://google.com
IE trusted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\tradestation.com -> hxxps://tradestation.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\100sexlinks.com -> 100sexlinks.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\123found.com -> 123found.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\123keno.com -> 123keno.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\143[bleep].com -> 143[bleep].com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\1se.ru -> 1se.ru
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\2020search.com -> 2020search.com
IE restricted site: HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\20x2p.com -> 20x2p.com
 
There are 1515 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMIMaint => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: ZAtheros Wlan Agent => 2
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\StartupApproved\Run: => "QuickLaunch"
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1907028208-728727157-4186076341-1002\...\StartupApproved\Run: => "GoToMeeting"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{A498A7AF-6631-42B0-83AA-9CA7172658DD}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{D3FFE042-005A-4566-A788-7DD9B01D3702}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{FBED2E7E-93A0-4DD1-A16C-0066C7B5A377}] => (Allow) LPort=1900
FirewallRules: [{35DCDB1E-F4BB-4685-907B-FD83FD77C44E}] => (Allow) LPort=2869
FirewallRules: [{DA154CA2-97FC-4701-9A85-761977850E43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{13D12EAE-CE0B-4FE5-9752-8BAF43DD8CE3}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{64BC6B1E-F620-46E6-8552-FA312C8EDFA8}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{F3E1EE1E-398D-4E65-924C-BEB868097E9F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C4DFF900-C8DD-447A-9451-AE66D7B9E542}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{773186B7-2C97-4D39-A835-A8A0C8F0A5EB}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{BC42A57D-AA93-4DA1-9166-91907F7D39B6}] => (Allow) LPort=3306
FirewallRules: [{36FD0FDD-0BF9-4097-A16E-2B1F1B4E8C70}] => (Allow) LPort=3306
FirewallRules: [{34518002-9A4D-4604-87B7-EA3C92005FCD}] => (Allow) LPort=11030
FirewallRules: [{9175C9A3-CF8F-465B-B279-1445462692EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/16/2018 03:32:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:32:33Z. Error Code: 0x80070005.
 
Error: (11/16/2018 03:32:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:32:03Z. Error Code: 0x80070005.
 
Error: (11/16/2018 03:31:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:31:33Z. Error Code: 0x80070005.
 
Error: (11/16/2018 03:31:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:31:03Z. Error Code: 0x80070005.
 
Error: (11/16/2018 03:30:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:30:33Z. Error Code: 0x80070005.
 
Error: (11/16/2018 03:30:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:30:03Z. Error Code: 0x80070005.
 
Error: (11/16/2018 03:29:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:29:11Z. Error Code: 0x80070005.
 
Error: (11/16/2018 03:28:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-10-23T23:28:41Z. Error Code: 0x80070005.
 
 
System errors:
=============
Error: (10/02/2018 12:40:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (09/24/2018 08:16:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (09/24/2018 08:15:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/24/2018 08:15:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error: 
%%2147749126
 
Error: (09/24/2018 08:15:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:25:39 PM on ‎9/‎24/‎2018 was unexpected.
 
Error: (09/24/2018 04:35:32 PM) (Source: volsnap) (EventID: 29) (User: )
Description: The shadow copies of volume \\?\Volume{9897c219-3bd9-4c07-8718-a4426b10a825} were aborted during detection.
 
Error: (09/24/2018 04:24:19 PM) (Source: DCOM) (EventID: 10010) (User: WINDOWS-R5DKETL)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (09/17/2018 03:20:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G645 @ 2.90GHz
Percentage of memory in use: 40%
Total physical RAM: 3965.59 MB
Available physical RAM: 2362.31 MB
Total Virtual: 7965.59 MB
Available Virtual: 6353.63 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.41 GB) (Free:410.33 GB) NTFS
Drive f: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.29 GB) NTFS
 
\\?\Volume{a7b39cb4-7b5b-4d11-b31d-55d8c62cc1f1}\ () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
\\?\Volume{c8315d7d-48fb-4b67-93f1-f6e0a0bda3f4}\ (PBR Image) (Fixed) (Total:7.29 GB) (Free:0.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

