HELP! Google will not load anymore.



#1
dolface755


Been working on this computer for over a week. It keeps deleting the net card, and if the net card is there then I don't have internet... Last night I tried again after running both AVG and Malwarebytes to see if that helped. Neither one of them came up with anything in there.

I have done the FRST for you and I will attach it at the end of this request. If we can't get Google working for whatever reason, is there a way for me to get my saved favorites, bookmarks, and all my saved passwords? I do have a few of them written down, just not sure ones are there that I need.

Thank you so much for your help and expertise.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019
Ran by Dragonsgrl (administrator) on DRAGONSGRL-PC (Acer Aspire 5552) (09-05-2019 07:59:20)
Running from C:\Users\Dragonsgrl\Desktop
Loaded Profiles: Dragonsgrl (Available Profiles: Dragonsgrl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Adobe Systems Incorporated -> Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NewTech Infosystems, Inc -> NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(NewTech Infosystems, Inc -> NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated -> Acer Incorporated)
HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2379056 2017-04-21] (Acer Incorporated -> Acer Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [308656 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc -> NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc. -> Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\MountPoints2: {4131879e-c31e-11e8-903f-1c75080899c1} - E:\windows\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-09] (Google LLC -> Google Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3EFDED95-C945-4D5D-B367-6D391B171A15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-09] (Google Inc -> Google Inc.)
Task: {60553A67-C09C-4DE9-8918-8EA744C6AA63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-09] (Google Inc -> Google Inc.)
Task: {62F61FAF-AE2B-40F5-8396-ED7D693759C2} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2970544 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {76525926-B807-48E8-96F0-7428D0A98D67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8B7F4956-7EB4-45D4-8B40-8B4765E4FAE7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B8FB64B6-A962-42FA-90CA-5EF1C3E5B335} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [1454592 2018-09-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C4F13FC6-4202-4B86-977B-1A4DC68B3184} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {E06C451E-89AF-4EE9-9DDD-70943149601D} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [24480 2016-06-08] (Acer Incorporated -> Acer Incorporated)
Task: {E37B5C17-A2D8-4CC7-A344-468D2A3FF1C0} - System32\Tasks\Core Temp Autostart Dragonsgrl => C:\Program Files\Core Temp\Core Temp.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{5AE284F5-3F40-4BA8-AD39-FD777996F789}: [DhcpNameServer] 192.168.1.254 75.153.171.122

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_18_11&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CtD0FyC0EtCtBtDtD0DyBzzyBtByBtN0D0Tzu0StBtByCyDtN1L2XzuyEtFtBtCtFtDtFtCtBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0FyDtBzz0EyDyCtGtAyBtB0CtGtD0A0A0DtGtBtBzyyEtG0BtAtC0AyE0AtCzyyC0BzzyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE1TtCtB1QtC1TyBtG1R1R1PyDtGyEtA1P1QtG1S1Q1QtDtG1R1RyCtA1Ozzzy1RtB1P1Tzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtCtCyEzzzzyEtA%26cr%3D567869070%26a%3Dwbf_anvsft_18_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://ca.yahoo.com/
CHR StartupUrls: Default -> "hxxps://ca.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://ca.search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> ca.yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://ca.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default [2019-05-09]
CHR Extension: (Slides) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-09]
CHR Extension: (Docs) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Google Drive) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-22]
CHR Extension: (Flash Playlist) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanagokoaogopceablgmpndejhedkjjb [2018-04-03]
CHR Extension: (Sheets) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Save to Facebook) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-01-17]
CHR Extension: (Popup Blocker Pro) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2019-05-06]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR Profile: C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-08]
CHR Profile: C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-05-08]
CHR Extension: (Slides) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-31]
CHR Extension: (Docs) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-31]
CHR Extension: (Google Drive) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-31]
CHR Extension: (YouTube) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-31]
CHR Extension: (Sheets) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-31]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2019-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-31]
CHR Extension: (Gmail) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-31]
CHR Profile: C:\Users\Dragonsgrl\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-08]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [362536 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6709272 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdiox64; C:\Windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96896 2012-05-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-08-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37368 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205656 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [254680 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [196560 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblog.sys [320672 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [58152 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [166896 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [112360 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1030832 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [476824 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [220472 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [385904 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [384040 2010-05-14] (Broadcom Corporation -> Broadcom Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2019-05-08] (Malwarebytes Corporation -> Malwarebytes)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-09 07:59 - 2019-05-09 08:03 - 000025427 _____ C:\Users\Dragonsgrl\Desktop\FRST.txt
2019-05-09 07:59 - 2019-05-09 07:59 - 000000000 ____D C:\FRST
2019-05-09 07:56 - 2019-05-09 07:56 - 002430976 _____ (Farbar) C:\Users\Dragonsgrl\Desktop\FRST64.exe
2019-05-09 06:29 - 2019-05-09 06:29 - 000003304 ____N C:\bootsqm.dat
2019-05-09 00:12 - 2019-05-08 19:26 - 057770752 _____ (Google LLC) C:\Users\Dragonsgrl\Downloads\ChromeStandaloneSetup64.exe
2019-05-08 23:56 - 2019-05-09 00:56 - 000241330 _____ C:\Windows\ntbtlog.txt
2019-05-08 17:49 - 2019-05-09 01:33 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-26 10:25 - 2019-05-08 17:32 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-24 12:45 - 2019-04-24 12:44 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2019-04-12 13:57 - 2019-04-24 12:47 - 000000077 _____ C:\Windows\system32\Drivers\avgSP.sys.sum
2019-04-11 13:25 - 2019-04-01 18:57 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-11 13:25 - 2019-03-26 17:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-11 13:25 - 2019-03-25 23:14 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-11 13:25 - 2019-03-25 22:12 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-11 13:25 - 2019-03-25 22:05 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-11 13:25 - 2019-03-25 22:00 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-04-11 13:25 - 2019-03-25 21:24 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-11 13:25 - 2019-03-25 21:08 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-04-11 13:25 - 2019-03-11 14:41 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-11 13:25 - 2019-03-11 14:41 - 001894912 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-11 13:25 - 2019-02-12 09:08 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-04-11 13:24 - 2019-03-28 18:36 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-11 13:24 - 2019-03-27 20:35 - 000348776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-04-11 13:24 - 2019-03-27 18:55 - 000397120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-04-11 13:24 - 2019-03-25 23:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-04-11 13:24 - 2019-03-25 23:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-04-11 13:24 - 2019-03-25 22:52 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-11 13:24 - 2019-03-25 22:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-04-11 13:24 - 2019-03-25 22:51 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-04-11 13:24 - 2019-03-25 22:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-11 13:24 - 2019-03-25 22:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-04-11 13:24 - 2019-03-25 22:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-04-11 13:24 - 2019-03-25 22:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-04-11 13:24 - 2019-03-25 22:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-04-11 13:24 - 2019-03-25 22:41 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-04-11 13:24 - 2019-03-25 22:40 - 005777920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-04-11 13:24 - 2019-03-25 22:40 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-04-11 13:24 - 2019-03-25 22:40 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-11 13:24 - 2019-03-25 22:40 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-04-11 13:24 - 2019-03-25 22:40 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-04-11 13:24 - 2019-03-25 22:35 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-04-11 13:24 - 2019-03-25 22:31 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-04-11 13:24 - 2019-03-25 22:26 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-04-11 13:24 - 2019-03-25 22:26 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-04-11 13:24 - 2019-03-25 22:25 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-04-11 13:24 - 2019-03-25 22:22 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-04-11 13:24 - 2019-03-25 22:22 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-04-11 13:24 - 2019-03-25 22:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-04-11 13:24 - 2019-03-25 22:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-04-11 13:24 - 2019-03-25 22:10 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-04-11 13:24 - 2019-03-25 22:08 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-04-11 13:24 - 2019-03-25 22:08 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-04-11 13:24 - 2019-03-25 22:07 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-04-11 13:24 - 2019-03-25 22:06 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-04-11 13:24 - 2019-03-25 22:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-04-11 13:24 - 2019-03-25 21:51 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-11 13:24 - 2019-03-25 21:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-04-11 13:24 - 2019-03-25 21:50 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-04-11 13:24 - 2019-03-25 21:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-04-11 13:24 - 2019-03-25 21:50 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-04-11 13:24 - 2019-03-25 21:48 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-11 13:24 - 2019-03-25 21:48 - 001556992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-11 13:24 - 2019-03-25 21:46 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-04-11 13:24 - 2019-03-25 21:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-04-11 13:24 - 2019-03-25 21:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-04-11 13:24 - 2019-03-25 21:43 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-11 13:24 - 2019-03-25 21:43 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-04-11 13:24 - 2019-03-25 21:43 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-04-11 13:24 - 2019-03-25 21:36 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-04-11 13:24 - 2019-03-25 21:36 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-04-11 13:24 - 2019-03-25 21:33 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-04-11 13:24 - 2019-03-25 21:33 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-04-11 13:24 - 2019-03-25 21:32 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-04-11 13:24 - 2019-03-25 21:31 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-04-11 13:24 - 2019-03-25 21:29 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-04-11 13:24 - 2019-03-25 21:29 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-04-11 13:24 - 2019-03-25 21:29 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-04-11 13:24 - 2019-03-25 21:28 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-04-11 13:24 - 2019-03-25 21:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-04-11 13:24 - 2019-03-25 21:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-04-11 13:24 - 2019-03-25 21:21 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-04-11 13:24 - 2019-03-25 21:21 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-04-11 13:24 - 2019-03-25 21:04 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-11 13:24 - 2019-03-25 21:02 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-04-11 13:24 - 2019-03-20 19:13 - 005552872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-11 13:24 - 2019-03-20 19:13 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-11 13:24 - 2019-03-20 19:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-04-11 13:24 - 2019-03-20 19:13 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-04-11 13:24 - 2019-03-20 19:13 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-04-11 13:24 - 2019-03-20 19:12 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-04-11 13:24 - 2019-03-20 19:12 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-04-11 13:24 - 2019-03-20 19:10 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-04-11 13:24 - 2019-03-20 19:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:03 - 003961576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-04-11 13:24 - 2019-03-20 19:02 - 004056296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-04-11 13:24 - 2019-03-20 19:02 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 18:45 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-04-11 13:24 - 2019-03-20 18:45 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-04-11 13:24 - 2019-03-20 18:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-04-11 13:24 - 2019-03-20 18:44 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-04-11 13:24 - 2019-03-20 18:41 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-04-11 13:24 - 2019-03-20 18:41 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-04-11 13:24 - 2019-03-20 18:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-04-11 13:24 - 2019-03-20 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-04-11 13:24 - 2019-03-20 18:40 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-04-11 13:24 - 2019-03-20 18:38 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-04-11 13:24 - 2019-03-20 18:38 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-11 13:24 - 2019-03-20 18:38 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-04-11 13:24 - 2019-03-20 18:38 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-04-11 13:24 - 2019-03-20 18:38 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-04-11 13:24 - 2019-03-20 18:38 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-04-11 13:24 - 2019-03-20 18:37 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-04-11 13:24 - 2019-03-20 18:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-04-11 13:24 - 2019-03-20 18:37 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-04-11 13:24 - 2019-03-20 18:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-04-11 13:24 - 2019-03-20 18:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-04-11 13:24 - 2019-03-20 18:37 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-04-11 13:24 - 2019-03-20 18:37 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-04-11 13:24 - 2019-03-20 18:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-04-11 13:24 - 2019-03-20 18:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-04-11 13:24 - 2019-03-20 18:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-04-11 13:24 - 2019-03-20 18:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-04-11 13:24 - 2019-03-20 18:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-04-11 13:24 - 2019-03-20 18:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-04-11 13:24 - 2019-03-20 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-04-11 13:24 - 2019-03-15 21:11 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-04-11 13:24 - 2019-03-15 21:09 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-04-11 13:24 - 2019-03-15 21:09 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-04-11 13:24 - 2019-03-15 21:08 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-04-11 13:24 - 2019-03-15 21:08 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-04-11 13:24 - 2019-03-15 20:58 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-04-11 13:24 - 2019-03-15 20:42 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-04-11 13:24 - 2019-03-15 20:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-04-11 13:24 - 2019-03-15 20:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-04-11 13:24 - 2019-03-13 08:09 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-04-11 13:24 - 2019-03-13 08:02 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-04-11 13:24 - 2019-03-13 07:35 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-11 13:24 - 2019-03-13 07:35 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-11 13:24 - 2019-03-12 07:34 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-11 13:24 - 2019-03-12 07:34 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-11 13:24 - 2019-03-12 07:34 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-11 13:24 - 2019-03-11 14:41 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-11 13:24 - 2019-03-11 14:41 - 000688128 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-11 13:24 - 2019-03-11 14:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-11 13:24 - 2019-03-11 14:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-04-11 13:24 - 2019-03-11 14:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2019-04-11 13:24 - 2019-03-11 14:33 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-11 13:24 - 2019-03-11 14:33 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-11 13:24 - 2019-03-11 14:33 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-11 13:24 - 2019-03-11 14:33 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-11 13:24 - 2019-03-11 14:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-04-11 13:24 - 2019-03-11 14:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2019-04-11 13:24 - 2019-02-21 08:48 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2019-04-11 13:24 - 2019-02-21 08:43 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2019-04-11 13:24 - 2019-02-21 08:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-11 13:24 - 2019-02-12 09:08 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-04-11 13:24 - 2019-02-12 08:58 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-04-11 13:24 - 2019-02-12 08:58 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-04-11 13:24 - 2019-02-08 09:08 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-04-11 13:24 - 2019-02-08 09:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-09 07:57 - 2009-07-13 21:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-09 07:57 - 2009-07-13 21:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-09 06:58 - 2009-07-13 22:13 - 000782744 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-09 06:58 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2019-05-09 06:53 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-09 01:33 - 2017-11-09 22:22 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-08 17:31 - 2018-06-01 11:23 - 000000000 ____D C:\Users\Dragonsgrl\Documents\computer fix
2019-05-08 17:26 - 2017-11-10 01:17 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-05-05 22:05 - 2018-01-21 21:19 - 000000000 ____D C:\Users\Dragonsgrl\AppData\Roaming\PhotoScape
2019-05-03 20:36 - 2019-02-21 11:00 - 000003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2019-05-03 20:36 - 2018-10-27 14:39 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-05-03 20:36 - 2018-10-27 14:39 - 000002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-05-03 20:36 - 2018-09-05 19:06 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-05-03 20:36 - 2017-11-13 14:08 - 000003980 _____ C:\Windows\System32\Tasks\UALU notificatin
2019-05-03 20:36 - 2017-11-09 22:21 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-03 20:36 - 2017-11-09 22:21 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-30 23:09 - 2018-03-12 12:58 - 000000000 ____D C:\Users\Dragonsgrl\AppData\Roaming\SoftGrid Client
2019-04-24 12:47 - 2018-11-27 15:45 - 000476824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2019-04-24 12:47 - 2018-11-27 15:45 - 000385904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2019-04-24 12:44 - 2018-11-27 15:45 - 000220472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2019-04-24 12:44 - 2018-11-27 15:44 - 000166896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2019-04-24 12:44 - 2018-11-27 15:44 - 000112360 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2019-04-24 12:44 - 2018-11-27 15:44 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2019-04-24 12:44 - 2018-11-27 15:44 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2019-04-24 12:43 - 2019-01-14 19:05 - 000254680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2019-04-24 12:43 - 2019-01-10 13:05 - 000320672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblog.sys
2019-04-24 12:43 - 2019-01-10 13:05 - 000196560 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2019-04-24 12:43 - 2019-01-10 13:05 - 000058152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2019-04-24 12:43 - 2019-01-10 13:05 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2019-04-24 12:43 - 2018-11-27 15:44 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2019-04-24 12:43 - 2018-11-27 15:44 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2019-04-11 18:12 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2019-04-11 14:55 - 2009-07-13 21:45 - 000269128 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-11 13:35 - 2017-11-09 22:20 - 000000000 ____D C:\Windows\system32\MRT
2019-04-11 13:27 - 2017-11-09 22:19 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-11 12:55 - 2009-07-13 22:08 - 000032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-12-22 05:15 - 2017-12-22 05:15 - 000000000 _____ () C:\Users\Dragonsgrl\AppData\Local\{65ECEA2F-444A-4E8D-BCE3-1F1A2EBEB15A}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-04 19:37
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by Dragonsgrl (09-05-2019 08:04:32)
Running from C:\Users\Dragonsgrl\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-11-10 05:11:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3326494740-2715231408-2236335189-500 - Administrator - Disabled)
Dragonsgrl (S-1-5-21-3326494740-2715231408-2236335189-1001 - Administrator - Enabled) => C:\Users\Dragonsgrl
Guest (S-1-5-21-3326494740-2715231408-2236335189-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3326494740-2715231408-2236335189-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - American Long Haul (HKLM-x32\...\WT088649) (Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (HKLM-x32\...\Acer Game Console) (Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3504 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WT088295) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.7.0 - Auslogics Labs Pty Ltd)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.4.3089 - AVG Technologies)
Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT088300) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT088373) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT088310) (Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT088312) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT088318) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (HKLM-x32\...\WT088393) (Version: 2.2.0.95 - WildTangent) Hidden
EaseUS Todo Backup Free 11.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.0 - CHENGDU YIWO Tech Development Co., Ltd)
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
FATE (HKLM-x32\...\WT088413) (Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Jewel Quest - Heritage (HKLM-x32\...\WT088653) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT088350) (Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WT088445) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Media Player 10 (HKLM-x32\...\Media Player 10) (Version: 10.0.0 - CodeTechno)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
MyWinLocker (HKLM-x32\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Penguins! (HKLM-x32\...\WT088449) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\WT088364) (Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Polar Bowler (HKLM-x32\...\WT088453) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT088457) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
SyncDroid version 1.2.5 (HKLM-x32\...\{BE7E35A4-59E5-412B-9B18-57B4938B8C0B}_is1) (Version: 1.2.5 - JunTu Software, Inc.)
Syncios 6.5.4 (HKLM-x32\...\Syncios) (Version: 6.5.4 - Anvsoft)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT088553) (Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation)
Zuma's Revenge (HKLM-x32\...\WT088517) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2010-04-02] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Dragonsgrl\Desktop\[email protected] - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-07-30 07:26 - 2016-03-07 18:08 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2018-07-30 07:26 - 2004-10-05 03:08 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2013-04-29 23:25 - 2013-04-29 23:25 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-29 23:03 - 2013-04-29 23:03 - 000837632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2013-04-29 23:02 - 2013-04-29 23:02 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2013-04-29 23:25 - 2013-04-29 23:25 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2018-07-30 07:26 - 2017-02-21 17:19 - 000083136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2018-07-30 07:26 - 2008-11-25 17:18 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2018-09-18 02:51 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\Newtonsoft.Json.dll
2018-09-18 02:51 - 2017-06-21 09:24 - 000087552 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppCollect.dll
2018-09-18 02:51 - 2017-06-21 09:24 - 000198144 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2019-01-07 10:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dragonsgrl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BackupRemind.lnk => C:\Windows\pss\BackupRemind.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Chromium => "c:\users\dragonsgrl\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: Syncios device service => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{969402E1-A538-4399-8E87-2E5123D3B9B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{95460CE1-933A-4158-91FC-BFCF88262CD6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{15DFC08E-364B-46B8-889E-B0949D5B6B2C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F50BBD29-40B1-4DF4-9AED-396C42819C32}] => (Allow) svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4C7EC1A7-1E67-4FD6-8372-EBB7E63D4E4C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C71915D-F770-41E7-BEEF-F389249E4EDA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{39F03C0D-8A65-487F-9D0D-840348AFEC9D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{7B269E72-49DA-47E7-BE5A-4A50ED67EC7E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{475A4BC4-B6BE-494B-AB55-27F0555AE4CA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{08FD9D80-7811-4DAB-975F-73432308DE99}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{D2D1A24A-1067-4D79-9CFE-CA1DCCD21E13}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{54DD3CBA-F93C-4CB3-8C0A-59A71D76B210}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{FC6B24A8-C9C4-4FCA-8C86-06EAA4184782}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{DFD4FB5C-9B1B-484C-8644-12DD5BF353CA}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer)
FirewallRules: [{5F7E0229-E646-4EFB-BCE4-F6E8B4C78958}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{AE9D01DD-F3CC-415D-8BE4-0E6B079220FE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C9D908BC-E9A1-40E6-978C-A5DBD8DB66C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2019 07:04:03 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/09/2019 06:54:04 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=E98}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)

Error: (05/09/2019 06:54:04 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=E98}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7224.5000.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).

Error: (05/09/2019 06:40:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/09/2019 01:46:45 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=F88}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)

Error: (05/09/2019 01:46:45 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=F88}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7224.5000.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).

Error: (05/09/2019 01:33:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/09/2019 12:35:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/09/2019 06:53:14 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/09/2019 06:53:14 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/09/2019 06:53:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:51:31 AM on ‎09/‎05/‎2019 was unexpected.

Error: (05/09/2019 06:48:56 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/09/2019 06:48:56 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/09/2019 06:48:56 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/09/2019 06:48:56 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/09/2019 06:48:56 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


CodeIntegrity:
===================================

Date: 2017-11-13 23:26:17.741
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-13 23:26:17.741
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-13 17:50:48.416
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-13 17:50:48.416
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-13 13:15:06.562
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-13 13:15:06.562
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-10 02:39:30.499
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-10 02:39:30.499
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Acer V2.01 09/13/2010
Motherboard: Acer JE51_DN
Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 93%
Total physical RAM: 2810.9 MB
Available physical RAM: 186.71 MB
Total Virtual: 5619.94 MB
Available Virtual: 1835.9 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:201.79 GB) NTFS

\\?\Volume{da946445-c5b5-11e7-883c-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{da946444-c5b5-11e7-883c-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 7E675493)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,658 posts
  • MVP
Error: (05/09/2019 06:48:56 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Usually indicates a problem with the drive.  Often the following will help:

1. Double-click Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:
findstr /c:"[SR]" "%windir%\logs\cbs\cbs.log" > "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.


To save the Chrome stuff you can export the profile:

https://smallbusines...file-79321.html

May need to tell Windows to let you see the files:

Control Panel, (View By:  Large Icons)  Folder Options, View.

Uncheck Hide Extensions for Known File Types
Uncheck Hide Protected System Files
Check Show Hidden Files, Folders and Drives.
OK

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

If Sync is turned on in Chrome then the profile is automatically saved to the cloud.  As soon as you login to a google account it will show up on a new Chrome install.

https://support.goog...m=Desktop&hl=en

 

Let's get some more info:

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 

 

 


  • 0

#3
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

OK. I'm hoping I get this in the right order for you.

SFC scan took less than 3 minutes. It did not require the second scan you indicated but came with this comment

"Windows Resource Protection did not find any integrity violation"

 

I put the "Default" log file from Chrome onto my desktop. I have not as of yet uninstalled Chrome, because I didn't know if there were other things you wanted me to do first. Also, I should clarify that I don't have sync turned on, either on my phone or my computer. I have trust issues with using anything like Cloud, or sharing my phone number with anything that I don't need to, i.e. Facebook etc.

 

OK Next....

VEW has produced two logs I will post them right here. If needed I will reply a second time with the other information.

 

 

VEW Log 1:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/05/2019 8:39:56 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/05/2019 9:36:27 PM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 10/05/2019 9:36:27 PM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/05/2019 9:39:10 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/05/2019 9:36:20 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 10/05/2019 9:36:19 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&32779f2c&0&01.

Log: 'System' Date/Time: 10/05/2019 9:35:39 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

 

 

VEW Log 2:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/05/2019 8:41:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/05/2019 9:47:30 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/05/2019 10:57:16 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{0509ade7-1604-11e8-bdaa-1c75080899c1}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Log: 'Application' Date/Time: 10/05/2019 10:57:16 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{0509ade7-1604-11e8-bdaa-1c75080899c1}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Log: 'Application' Date/Time: 10/05/2019 10:56:49 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{0509ade7-1604-11e8-bdaa-1c75080899c1}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Log: 'Application' Date/Time: 10/05/2019 9:47:30 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Failed to complete bits job

Log: 'Application' Date/Time: 10/05/2019 9:38:01 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Error:  failed to launch Type: 96::SoftGridApplicationFailure. Stopping task (Stream product id=0x0066) because of fatal error.

Log: 'Application' Date/Time: 10/05/2019 9:38:01 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only.  failed to launch. [SoftGrid Error: 0x0000000040000193 in Module: Net Transport Agent, File: httpresource.cpp:624]

Log: 'Application' Date/Time: 10/05/2019 9:38:01 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=F00}
Attempting Transport Connection URL: http://c2r.microsoft...0.7224.5000.sft Error: 24604E0A-40000193

Log: 'Application' Date/Time: 10/05/2019 9:37:56 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=EBC}
Attempting Transport Connection URL: http://c2r.microsoft...0.7224.5000.sft Error: 2460450A-40002EE2

Log: 'Application' Date/Time: 10/05/2019 9:37:28 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=D6C}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: DRAGONSGRL-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 10/05/2019 9:37:20 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=D6C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 10/05/2019 9:35:18 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-3326494740-2715231408-2236335189-1001_Classes:
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001_CLASSES
Process 1248 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001_CLASSES

Log: 'Application' Date/Time: 10/05/2019 9:35:16 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   7 user registry handles leaked from \Registry\User\S-1-5-21-3326494740-2715231408-2236335189-1001:
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001
Process 1248 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001
Process 1248 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001
Process 1248 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001
Process 1248 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001
Process 1248 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1248 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy

 

 

 

OK I think the next one was the Junk Log:

 

Junk Log:

 

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
smss.exe                       320 N/A                                        
csrss.exe                      492 N/A                                        
wininit.exe                    552 N/A                                        
csrss.exe                      564 N/A                                        
services.exe                   608 N/A                                        
lsass.exe                      628 KeyIso, SamSs                              
lsm.exe                        636 N/A                                        
winlogon.exe                   664 N/A                                        
svchost.exe                    780 DcomLaunch, PlugPlay, Power                
svchost.exe                    876 RpcEptMapper, RpcSs                        
atiesrxx.exe                   924 AMD External Events Utility                
svchost.exe                   1020 AudioSrv, Dhcp, eventlog,                  
                                   HomeGroupProvider, lmhosts, wscsvc         
svchost.exe                    416 AudioEndpointBuilder, hidserv,             
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, Wlansvc, wudfsvc            
svchost.exe                    448 EventSystem, fdPHost, FontCache, netprofm, 
                                   nsi, WdiServiceHost                        
svchost.exe                    548 AeLookupSvc, Appinfo, BITS, Browser,       
                                   EapHost, IKEEXT, iphlpsvc, LanmanServer,   
                                   MMCSS, ProfSvc, Schedule, SENS,            
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
svchost.exe                   1040 gpsvc                                      
svchost.exe                   1152 CryptSvc, Dnscache, LanmanWorkstation,     
                                   NlaSvc                                     
AVGSvc.exe                    1232 AVG Antivirus                              
atieclxx.exe                  1256 N/A                                        
spoolsv.exe                   1508 Spooler                                    
svchost.exe                   1536 BFE, DPS, MpsSvc                           
Fuel.Service.exe              1712 AMD FUEL Service                           
svchost.exe                   1740 DiagTrack                                  
dsiwmis.exe                   1808 DsiWMIService                              
Agent.exe                     1892 EaseUS Agent                               
ePowerSvc.exe                 1996 ePowerSvc                                  
svchost.exe                   2020 FDResPub, SSDPSRV, upnphost                
GREGsvc.exe                   2044 GREGService                                
UpdaterService.exe            1268 Live Updater Service                       
IScheduleSvc.exe              1412 NTI IScheduleSvc                           
sftvsa.exe                    2444 sftvsa                                     
ss_conn_service.exe           2472 ss_conn_service                            
UpdaterService.exe            2532 Updater Service                            
WirelessKB850Notification     2564 WirelessKB850NotificationService           
WsAppService.exe              2652 WsAppService                               
TodoBackupService.exe         2836 N/A                                        
sftlist.exe                   3300 sftlist                                    
CVHSVC.EXE                    3632 cvhsvc                                     
vds.exe                       2548 vds                                        
aswidsagent.exe               2412 avgbIDSAgent                               
WmiPrvSE.exe                  2972 N/A                                        
WUDFHost.exe                  3944 N/A                                        
taskhost.exe                  3524 N/A                                        
dwm.exe                       3308 N/A                                        
explorer.exe                  3220 N/A                                        
RAVCpl64.exe                  3536 N/A                                        
SynTPEnh.exe                  2248 N/A                                        
ePowerTray.exe                1620 N/A                                        
SynTPHelper.exe               4308 N/A                                        
unsecapp.exe                  4404 N/A                                        
ePowerEvent.exe               4524 N/A                                        
AVGUI.exe                     4532 N/A                                        
CCleaner64.exe                4696 N/A                                        
BackupManagerTray.exe         4760 N/A                                        
LManager.exe                  4772 N/A                                        
SearchIndexer.exe             4788 WSearch                                    
MMDx64Fx.exe                  4852 N/A                                        
LMworker.exe                  4872 N/A                                        
wmpnetwk.exe                  3552 WMPNetworkSvc                              
svchost.exe                   4276 p2pimsvc, p2psvc, PNRPsvc                  
GoogleCrashHandler.exe        4332 N/A                                        
GoogleCrashHandler64.exe      2528 N/A                                        
iexplore.exe                  5164 N/A                                        
iexplore.exe                  3752 N/A                                        
FlashUtil10i_ActiveX.exe      5752 N/A                                        
iexplore.exe                  5832 N/A                                        
audiodg.exe                   5372 N/A                                        
explorer.exe                  5296 N/A                                        
HelpPane.exe                  3264 N/A                                        
SearchProtocolHost.exe        4136 N/A                                        
SearchFilterHost.exe          5336 N/A                                        
cmd.exe                       5208 N/A                                        
conhost.exe                   5356 N/A                                        
tasklist.exe                  4596 N/A                                        
WmiPrvSE.exe                  3792 N/A                                        

 

 

 

 

 

 

Ok so that's all I'm going to put in this post. I'll make another one with the Process Explorer, which I will attach. But I have another log generated here on my desktop and I'm not sure which it belongs with. Sorry my brain has been trying to go through this thing for a week, and is starting to shut down.

I will cut and paste the last log, plus Process Explorer into another reply

 

And again, thank you so much for your help. This has been very frustrating for me. I should have been able to find out the problem myself.

 

 

 

     

 

 

 

 


  • 0

#4
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

Ok so here is the other log that was generated.  I apologize that I don't remember which log or procedure that you had asked me to do to generate this one. I will also be attaching the log for the Process Explorer minus my serial for Windows. You had said that when I downloaded and ran Speccy, that I didn't need CCleaner. It didn't come up and ask me that, but I have had that on my computer since I received it. It took me 3 weeks to clean this thing after my sister-in-law donated it to me, as something I should be able to use for the next 5 years. Which if you look at the system that's not at all possible.

 

Again, thank you for the help. It is very much appreciated.

 

LOG:

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 67.37 0 K 24 K 0   
explorer.exe 14.26 53,608 K 80,112 K 3220 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 4.38 61,052 K 68,596 K 4788 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 4.22 276,424 K 298,288 K 3752 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 3.55 35,012 K 54,952 K 2496 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
SearchProtocolHost.exe 2.20 4,864 K 7,836 K 4136 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
System 1.90 144 K 960 K 4   
Interrupts 0.64 0 K 0 K n/a Hardware Interrupts and DPCs  
lsass.exe 0.37 7,552 K 13,684 K 628 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.20 12,196 K 11,316 K 564 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AVGUI.exe 0.20 25,516 K 47,084 K 4532 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, Inc.
SearchFilterHost.exe 0.14 2,036 K 5,792 K 5596 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.10 21,900 K 33,684 K 548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Agent.exe 0.09 40,328 K 10,700 K 1892 EaseUS Todo Backup Agent Application CHENGDU YIWO Tech Development Co., Ltd (Verified) CHENGDU YIWO Tech Development Co., Ltd.
AVGSvc.exe 0.07 240,984 K 45,780 K 1232 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, Inc.
taskhost.exe 0.06 14,040 K 18,300 K 3524 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 4,076 K 8,596 K 780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 136,108 K 138,380 K 416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.03 15,748 K 36,052 K 5164 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
audiodg.exe 0.03 26,212 K 26,024 K 5372 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.02 73,460 K 101,804 K 5832 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
CCleaner64.exe 0.02 12,876 K 1,872 K 4696 CCleaner Piriform Software Ltd (Verified) Piriform Software Ltd
aswidsagent.exe 0.02 23,824 K 34,480 K 2412 AVG Software Analyzer AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, Inc.
ePowerTray.exe 0.01 3,704 K 9,440 K 1620 ePowerTray Acer Incorporated (Verified) Acer Incorporated
sftlist.exe 0.01 7,056 K 10,304 K 3300 Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
TodoBackupService.exe 0.01 19,280 K 5,280 K 2836   (Verified) CHENGDU YIWO Tech Development Co., Ltd.
ePowerEvent.exe 0.01 1,792 K 4,728 K 4524 ePowerEvent Acer Incorporated (Verified) Acer Incorporated
svchost.exe < 0.01 23,296 K 24,592 K 1152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 9,324 K 16,680 K 448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,364 K 13,056 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IScheduleSvc.exe < 0.01 5,156 K 10,356 K 1412 Backup Manager Module NewTech Infosystems, Inc. (Verified) NewTech Infosystems, Inc
WsAppService.exe < 0.01 31,176 K 21,340 K 2652 Wondershare Passport Wondershare (Verified) Wondershare Technology Co.,Ltd
SynTPEnh.exe < 0.01 8,336 K 13,340 K 2248 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
dsiwmis.exe < 0.01 2,516 K 5,920 K 1808 Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
WUDFHost.exe  1,592 K 4,252 K 3944 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe  12,244 K 13,180 K 3552 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  2,936 K 6,976 K 2972 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WirelessKB850NotificationService.exe  1,292 K 4,076 K 2564 WirelessKB850NotificationService.exe Microsoft Corporation (Verified) Microsoft Corporation
winlogon.exe  2,832 K 5,952 K 664 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,520 K 3,868 K 552 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
vds.exe  2,812 K 6,984 K 2548 Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe  1,116 K 3,772 K 1268 Updater Service Acer Incorporated (Verified) Acer Incorporated
UpdaterService.exe  1,128 K 3,780 K 2532 Updater Service Acer Incorporated (Verified) Acer Incorporated
unsecapp.exe  2,216 K 7,024 K 4404 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe  1,304 K 3,300 K 4308 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe  4,480 K 7,792 K 876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  14,744 K 12,348 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,468 K 5,504 K 1040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  20,868 K 20,244 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,600 K 5,740 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  5,592 K 11,460 K 4276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ss_conn_service.exe  1,796 K 4,224 K 2472 MSS CS Connectivity Service DEVGURU Co., LTD. (Verified) Samsung Electronics CO., LTD.
spoolsv.exe  7,832 K 8,312 K 1508 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  580 K 1,288 K 320 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
sftvsa.exe  1,388 K 4,216 K 2444 Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
services.exe  5,556 K 8,184 K 608 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe  9,388 K 10,700 K 3536 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe  2,416 K 7,952 K 5260 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MMDx64Fx.exe  2,280 K 5,512 K 4852 MMDx64Fx Application Dritek System Inc. (Verified) Dritek System Inc.
lsm.exe  2,532 K 4,256 K 636 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
LMworker.exe  1,304 K 4,396 K 4872 Launch Manager Worker Dritek System Inc. (Verified) Dritek System Inc.
LManager.exe  11,052 K 13,200 K 4772 Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
HelpPane.exe  26,488 K 45,560 K 3264 Microsoft Help and Support Microsoft Corporation (Verified) Microsoft Windows
GREGsvc.exe  828 K 2,792 K 2044 Global Registration Service Acer Incorporated (Verified) Acer Incorporated
GoogleCrashHandler64.exe  1,556 K 528 K 2528 Google Crash Handler Google LLC (Verified) Google Inc
GoogleCrashHandler.exe  1,536 K 528 K 4332 Google Crash Handler Google LLC (Verified) Google Inc
Fuel.Service.exe  1,888 K 4,836 K 1712 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
FlashUtil10i_ActiveX.exe  1,784 K 6,364 K 5752 Adobe® Flash® Player Installer/Uninstaller 10.1 r82 Adobe Systems, Inc. (Verified) Adobe Systems Incorporated
explorer.exe  38,552 K 36,520 K 5296 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ePowerSvc.exe  2,564 K 6,544 K 1996 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
dwm.exe  2,036 K 6,304 K 3308 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
CVHSVC.EXE  5,568 K 9,428 K 3632 Microsoft Office Client Virtualization Service  Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe  2,552 K 4,680 K 492 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
BackupManagerTray.exe  1,868 K 7,408 K 4760 Acer Backup Manager NewTech Infosystems, Inc. (Verified) NewTech Infosystems, Inc
atiesrxx.exe  1,404 K 3,888 K 924 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe  1,916 K 4,812 K 1256 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher

 

Attached Files


  • 0
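The Verified Signer column requested in post #2 is what makes the Process Explorer log above usable for triage. The sketch below is an added example, not part of the original posts: it assumes the saved log is tab-separated (the constructed SAMPLE re-types six rows of the log that way), and its function names are illustrative. It flags entries whose signature is not verified or that are signed but carry no version information.

```python
import csv
import io
import re

# Entries Process Explorer lists that have no image file to sign.
PSEUDO = {"System Idle Process", "System", "Interrupts"}

# "(Verified) Microsoft Windows" -> status "Verified", subject "Microsoft Windows"
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<subject>.*)$")

HEADER = ("Process\tCPU\tPrivate Bytes\tWorking Set\tPID\t"
          "Description\tCompany Name\tVerified Signer")

# Constructed sample: six rows from the log above, re-typed with tabs
# (assumption: File > Save As in Process Explorer writes tab-separated text).
SAMPLE = "\n".join([
    HEADER,
    "System Idle Process\t67.37\t0 K\t24 K\t0\t\t\t",
    "explorer.exe\t14.26\t53,608 K\t80,112 K\t3220\tWindows Explorer\t"
    "Microsoft Corporation\t(Verified) Microsoft Windows",
    "svchost.exe\t< 0.01\t23,296 K\t24,592 K\t1152\t"
    "Host Process for Windows Services\tMicrosoft Corporation\t"
    "(Verified) Microsoft Windows",
    "TodoBackupService.exe\t0.01\t19,280 K\t5,280 K\t2836\t\t\t"
    "(Verified) CHENGDU YIWO Tech Development Co., Ltd.",
    "Fuel.Service.exe\t\t1,888 K\t4,836 K\t1712\tAMD Fuel Service\t"
    "Advanced Micro Devices, Inc.\t"
    "(No signature was present in the subject) Advanced Micro Devices, Inc.",
    "Interrupts\t0.64\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
])


def parse_rows(text):
    """Return one dict per process row; short rows get empty strings."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    rows = []
    for raw in reader:
        row = {k.strip(): (v or "").strip()
               for k, v in raw.items() if k is not None}
        if row.get("Process"):
            rows.append(row)
    return rows


def signer_status(row):
    """Split the Verified Signer cell into (status, subject)."""
    match = SIGNER_RE.match(row.get("Verified Signer", ""))
    if not match:
        return "", ""
    return match.group("status"), match.group("subject")


def triage(text):
    """List processes that deserve a second look, in log order."""
    findings = []
    for row in parse_rows(text):
        if row["Process"] in PSEUDO:
            continue
        status, subject = signer_status(row)
        if not status:
            reason = "no signer information recorded"
        elif status.lower() != "verified":
            reason = "signature not verified: " + status
        elif not row.get("Description") and not row.get("Company Name"):
            reason = "signed, but no version information"
        else:
            continue
        findings.append({"process": row["Process"], "pid": row.get("PID", ""),
                         "reason": reason, "signer": subject})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE):
        print("{process} (PID {pid}): {reason}".format(**item))
```

A flagged row is a prompt to check the file's path and origin, not a verdict; vendor utilities are often shipped unsigned.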

#5
RKinner

    Malware Expert

  • Expert
  • 21,658 posts
  • MVP

Speccy shows you have 3 sectors on the hard drive that aren't working as they should plus another 33 that have failed and been replaced by spares.  Hard drives usually have about 100-200 spare sectors so the 33 is not as bad as it sounds but if it increases over time it may indicate the drive is failing.  The 3 sectors that aren't working can be a problem since whatever data is stored there is unreadable.
 

 

C4
    Attribute name    Reallocation Event Count
    Real value    33
    Current    100
    Worst    100
    Threshold    0
    Raw Value    0000000021
    Status    Good
C5
    Attribute name    Current Pending Sector Count
    Real value    3
    Current    100
    Worst    100
    Threshold    0
    Raw Value    0000000003
    Status    Good

 

 

Hitachi makes a drive fitness program called WinDFT.  It might correct the 3 bad sectors.

https://www.westernd...s/WinDFT095.zip

 

You download it, then right-click and Extract All, Extract, then right-click on Setup.exe and Run as Admin.  Then just follow the instructions to select your drive and test it.

There is a PDF file on setup and use if you need it:

 

https://www.westernd...ndUserGuide.pdf

 

What model of ACER is this?  Looks like you could use some updated drivers.

 

If Chrome is not working correctly, does IE?  Can you download Firefox and see if it will work?

 

https://www.mozilla....US/firefox/new/

 

Can you make a new Process Explorer log as before and post it?  Make sure you have all other programs closed before running it.


  • 0
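Added example, not part of the thread and not code from Speccy: a small parser for the S.M.A.R.T. block quoted in the post above, showing why the raw counts matter even though both attributes report Status "Good", and how to compare two dumps to see whether a count is growing. The function names and the second snapshot used for comparison are assumptions made for illustration.

```python
import re

# Constructed input: the two attributes quoted in the post, in Speccy's
# "field<two or more spaces>value" text layout.
SNAPSHOT = """
C4
    Attribute name    Reallocation Event Count
    Real value    33
    Current    100
    Worst    100
    Threshold    0
    Raw Value    0000000021
    Status    Good
C5
    Attribute name    Current Pending Sector Count
    Real value    3
    Current    100
    Worst    100
    Threshold    0
    Raw Value    0000000003
    Status    Good
"""


def parse_smart(text):
    """Parse a Speccy-style S.M.A.R.T. dump into {attribute_id: {field: value}}."""
    attrs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.fullmatch(r"[0-9A-Fa-f]{2}", line):   # attribute ID line, e.g. "C4"
            current = attrs.setdefault(line.upper(), {})
            continue
        parts = re.split(r"\s{2,}|\t+", line, maxsplit=1)
        if current is not None and len(parts) == 2:
            current[parts[0].lower()] = parts[1].strip()
    return attrs


def assess(attrs):
    """Return one finding per attribute, judged on the raw count, not on Status."""
    findings = {}
    for attr_id, fields in attrs.items():
        raw = int(fields["raw value"], 16)          # the raw value is printed in hex
        findings[attr_id] = {
            "name": fields["attribute name"],
            "count": raw,
            # 0x21 == 33: the hex raw value and the decimal "Real value" agree.
            "raw_matches_real": raw == int(fields["real value"]),
            # By S.M.A.R.T. convention an attribute fails when its normalized
            # value drops to the threshold. With a threshold of 0 that does
            # not happen, so Status stays "Good" whatever the raw count is.
            "status_is_informative": int(fields["threshold"]) > 0,
            "needs_attention": raw > 0,
        }
    return findings


def growth(before, after):
    """Raw-count change per attribute between two dumps of the same drive."""
    old, new = assess(parse_smart(before)), assess(parse_smart(after))
    return {k: new[k]["count"] - old[k]["count"] for k in old if k in new}


if __name__ == "__main__":
    for attr_id, finding in assess(parse_smart(SNAPSHOT)).items():
        print(attr_id, finding)
```

Saving a dump now and another after a few weeks, then passing both to `growth`, gives the "increases over time" check the post describes.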

#6
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

Ok so I tried the DFT scan. I'm including the pic of what happened. It wouldn't scan, quick scan, nothing I clicked on did anything.

I have IE 11 installed. It freezes and comes up with errors even on things as basic as Yahoo.ca. Firefox does the same thing. And most websites say they aren't compatible with the web browser I have. I have a feeling this wonderful machine I was given is just crap because I've done nothing but keep putting band aids on it since I got it. It's an Acer Aspire 5552-3706. And from the tag on the back, I'm thinking it was a refurbished from parts machine that she bought. There have been no updates that I've been able to find for the drivers, but I may not have been looking in the right place. I will include the picture of desktop and the Process log with all windows closed.

 

Attached Thumbnails

  • DFT.jpg


  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 21,658 posts
  • MVP

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


  • 0

#8
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

Ok so going to include the scan results as you requested. I wasn't sure if you wanted me to try uninstalling Chrome or not. I did attempt to save the default folder as shown in your first response. I apologize for taking so long. I am currently working on another machine for a family member. It seems like I'm forever fixing others' machines or building them and I never get around to getting an actual working machine for myself......thems the ways I guess. So I thank you for the help in the areas I'm not quite sure of yet.

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Dragonsgrl (administrator) on 15-05-2019 at 19:34:10
Running from "C:\Users\Dragonsgrl\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Aspire 5552 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Dragonsgrl-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : telus

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : telus
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 4C-0F-6E-12-00-D7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:569:7327:8900:7d2b:402a:2259:2ef3(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:569:7327:8900:ed3b:dc7e:f708:61e4(Preferred)
   Link-local IPv6 Address . . . . . : fe80::7d2b:402a:2259:2ef3%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.70(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : May-15-19 7:01:07 PM
   Lease Expires . . . . . . . . . . : May-16-19 7:01:09 PM
   Default Gateway . . . . . . . . . : fe80::9e1e:95ff:fef2:cb90%11
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 223088494
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-96-B8-5F-1C-75-08-08-99-C1
   DNS Servers . . . . . . . . . . . : 2001:568:ff09:10a::57
                                       2001:568:ff09:10b::122
                                       192.168.1.254
                                       75.153.171.122
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 1C-75-08-08-99-C1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.telus:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : telus
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  node-1w7jr9n24twqrzrke3a0v8lzr.ipv6.telus.net
Address:  2001:568:ff09:10a::57

Name:    google.com
Addresses:  2607:f8b0:400a:808::200e
   216.58.193.78

Pinging google.com [2607:f8b0:400a:809::200e] with 32 bytes of data:
Reply from 2607:f8b0:400a:809::200e: time=9ms
Reply from 2607:f8b0:400a:809::200e: time=10ms

Ping statistics for 2607:f8b0:400a:809::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 10ms, Average = 9ms
Server:  node-1w7jr9n24twqrzrke3a0v8lzr.ipv6.telus.net
Address:  2001:568:ff09:10a::57

Name:    yahoo.com
Addresses:  2001:4998:44:41d::3
   2001:4998:c:1023::4
   2001:4998:58:1836::11
   2001:4998:58:1836::10
   2001:4998:44:41d::4
   2001:4998:c:1023::5
   72.30.35.10
   72.30.35.9
   98.137.246.7
   98.138.219.231
   98.138.219.232
   98.137.246.8

Pinging yahoo.com [2001:4998:c:1023::4] with 32 bytes of data:
Reply from 2001:4998:c:1023::4: time=14ms
Reply from 2001:4998:c:1023::4: time=13ms

Ping statistics for 2001:4998:c:1023::4:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 14ms, Average = 13ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...4c 0f 6e 12 00 d7 ......Atheros AR5B97 Wireless Network Adapter
 10...1c 75 08 08 99 c1 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.70     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.70    281
     192.168.1.70  255.255.255.255         On-link      192.168.1.70    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.70    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.70    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.70    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    281 ::/0                     fe80::9e1e:95ff:fef2:cb90
  1    306 ::1/128                  On-link
 11     33 2001:569:7327:8900::/64  On-link
 11    281 2001:569:7327:8900:7d2b:402a:2259:2ef3/128
                                    On-link
 11    281 2001:569:7327:8900:ed3b:dc7e:f708:61e4/128
                                    On-link
 11    281 fe80::/64                On-link
 11    281 fe80::7d2b:402a:2259:2ef3/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/15/2019 07:12:00 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/15/2019 07:01:42 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=E98}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)

Error: (05/15/2019 07:01:42 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=E98}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7224.5000.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).

Error: (05/15/2019 06:09:07 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/12/2019 03:11:18 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/12/2019 03:06:59 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19326 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c44

Start Time: 01d5090ed468f347

Termination Time: 166

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/11/2019 12:19:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19326, time stamp: 0x5c99a3b6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6efc515d
Faulting process id: 0x1084
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/10/2019 11:26:31 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/10/2019 11:20:01 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/10/2019 11:20:01 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (05/15/2019 07:03:04 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (05/15/2019 07:03:04 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (05/15/2019 07:00:47 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (05/15/2019 07:00:47 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/15/2019 06:01:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/15/2019 05:58:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Wondershare Application Framework Service service to connect.

Error: (05/15/2019 05:58:10 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (05/15/2019 05:58:10 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/12/2019 03:02:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (05/12/2019 03:02:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Microsoft Office Sessions:
=========================
Error: (05/15/2019 07:12:00 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/15/2019 07:01:42 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=E98}
24604E0A-40000193

Error: (05/15/2019 07:01:42 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=E98}
http://c2r.microsoft...604E0A-40000193

Error: (05/15/2019 06:09:07 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/12/2019 03:11:18 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/12/2019 03:06:59 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.19326c4401d5090ed468f347166C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (05/11/2019 12:19:05 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.193265c99a3b6unknown0.0.0.000000000c00000056efc515d108401d507c34fa3c4e2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown0ec598d9-73bd-11e9-a2bb-1c75080899c1

Error: (05/10/2019 11:26:31 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/10/2019 11:20:01 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/10/2019 11:20:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

CodeIntegrity Errors:
===================================
  Date: 2017-11-13 23:26:17.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-13 23:26:17.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-13 17:50:48.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-13 17:50:48.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-13 13:15:06.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-13 13:15:06.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 02:39:30.499
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 02:39:30.499
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 02:35:56.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 02:35:56.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (HKLM-x32\...\WT088649) (Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (HKLM-x32\...\Acer Game Console) (Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3504 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WT088295) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.7.0 - Auslogics Labs Pty Ltd)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.4.3089 - AVG Technologies)
Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT088300) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT088373) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT088310) (Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT088312) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT088318) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (HKLM-x32\...\WT088393) (Version: 2.2.0.95 - WildTangent) Hidden
EaseUS Todo Backup Free 11.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.0 - CHENGDU YIWO Tech Development Co., Ltd)
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
FATE (HKLM-x32\...\WT088413) (Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Jewel Quest - Heritage (HKLM-x32\...\WT088653) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT088350) (Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WT088445) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Media Player 10 (HKLM-x32\...\Media Player 10) (Version: 10.0.0 - CodeTechno)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
MyWinLocker (HKLM-x32\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Penguins! (HKLM-x32\...\WT088449) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\WT088364) (Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Polar Bowler (HKLM-x32\...\WT088453) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT088457) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18091.6 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
SyncDroid version 1.2.5 (HKLM-x32\...\{BE7E35A4-59E5-412B-9B18-57B4938B8C0B}_is1) (Version: 1.2.5 - JunTu Software, Inc.)
Syncios 6.5.4 (HKLM-x32\...\Syncios) (Version: 6.5.4 - Anvsoft)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT088553) (Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation)
Zuma's Revenge (HKLM-x32\...\WT088517) (Version: 2.2.0.95 - WildTangent) Hidden

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 2810.9 MB
Available physical RAM: 1433.04 MB
Total Virtual: 5619.94 MB
Available Virtual: 4169.52 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:197.68 GB) NTFS

========================= Users: ========================================

User accounts for \\DRAGONSGRL-PC

Administrator            Dragonsgrl               Guest                   

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 21,658 posts
  • MVP

It looks like the network stuff is now good.  Is Chrome working now?


  • 0

#10
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

Actually I haven't tried opening it up since we started. Wasn't sure if maybe after saving the "default" folder if it wasn't a good idea to uninstall and reinstall it...maybe there was something I was missing in the program


  • 0



#11
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

Ok just tried opening Chrome again. It's still doing the same thing. It will give me 2 icons on the taskbar saying Chrome, 1 says page unresponsive the other says "untitled". In my task manager it says there are 15 different Chrome pages, and then the computer shuts down and reboots saying it didn't shut down properly. I tried taking screen shots for you, but it reboots too quickly for me to get them.


  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 21,658 posts
  • MVP

Uninstall Java 8 Update 161

 

You probably don't need it and it can cause problems.

 

Let's clear up some deadwood.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   6.41KB   14 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

 

Get tcpview.  https://live.sysinte...com/Tcpview.exe  Download, Save and then run it by right clicking and Run As Admin.  Start up Chrome using All Programs, Google Chrome instead of any icon on your desktop.  Go back to tcpview.

Then File, Save As (to your desktop), tcp, OK.  This should create a file tcp.txt on your desktop.  Attach or copy and paste it to a reply.
 


  • 0

#13
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

Ok I am just on my way to hospital. I will run scans and such as soon as I'm back. I just wanted to send you this.  I shut this stupid thing off last night because ever since I received it, if you leave windows open and just close monitor it will not start up again. Anyways, I tried opening IE to see if you replied and I got this strange download that I have no idea where it came from...I'm attaching jpeg if you could tell me what this is.

Thank you again

Attached Thumbnails

  • new.jpg

  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 21,658 posts
  • MVP

It's just a bad ad.  For IE you can use the adblock plus program to prevent ads from showing up so it should prevent pubmatic from bothering you.

https://adblockplus.org/en/download


  • 0

#15
dolface755

    Member

  • Topic Starter
  • Member
  • 247 posts

I thought so. I know I didn't request anything that was an image.

 

Ok Here's the FIX.TXT log. I will post the next ones as I do them

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
Ran by Dragonsgrl (17-05-2019 18:00:22) Run:1
Running from C:\Users\Dragonsgrl\Desktop
Loaded Profiles: Dragonsgrl (Available Profiles: Dragonsgrl)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\MountPoints2: {4131879e-c31e-11e8-903f-1c75080899c1} - E:\windows\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-09] (Google LLC -> Google Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_18_11&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CtD0FyC0EtCtBtDtD0DyBzzyBtByBtN0D0Tzu0StBtByCyDtN1L2XzuyEtFtBtCtFtDtFtCtBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0FyDtBzz0EyDyCtGtAyBtB0CtGtD0A0A0DtGtBtBzyyEtG0BtAtC0AyE0AtCzyyC0BzzyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE1TtCtB1QtC1TyBtG1R1R1PyDtGyEtA1P1QtG1S1Q1QtDtG1R1RyCtA1Ozzzy1RtB1P1Tzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtCtCyEzzzzyEtA%26cr%3D567869070%26a%3Dwbf_anvsft_18_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR DefaultSearchURL: Default -> hxxps://ca.search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> ca.yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://ca.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
MSCONFIG\startupreg: Chromium => "c:\users\dragonsgrl\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:

 

 

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup" => removed successfully
"HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => removed successfully
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4131879e-c31e-11e8-903f-1c75080899c1} => removed successfully
HKLM\Software\Classes\CLSID\{4131879e-c31e-11e8-903f-1c75080899c1} => not found
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => removed successfully
HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => not found
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001_Classes\ChromeHTML => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chromium => removed successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

 

The system needed a reboot.

==== End of Fixlog 18:01:40 ====


  • 0
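An added example, not part of the thread and not FRST's own code: a small Python parser that reads a Fixlog like the one posted above, skips the echoed fixlist between the two rows of asterisks, tallies the outcomes, and lists entries reported "not found" on the item itself rather than on its companion Classes\CLSID key. The function names are hypothetical, and the recognised outcome strings are only the three that appear in this log.

```python
import re
from collections import Counter

# Excerpt copied from the Fixlog posted above (fixlist echo shortened to three lines).
FIXLOG = r'''fixlist content:
*****************
HKLM-x32\...\Run: [NPSStartup] => [X]
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Reboot:
*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"Chrome DefaultSearchURL" => removed successfully

==== End of Fixlog 18:01:40 ====
'''

# Outcome strings seen in this log; anything else is ignored rather than guessed at.
OUTCOME = re.compile(
    r'^(?P<target>.+?) => '
    r'(?P<outcome>removed successfully|value restored successfully|not found)\s*$')

def parse_fixlog(text):
    """Return (target, outcome) pairs from the results part of a Fixlog."""
    lines = text.splitlines()
    # The fixlist echo sits between two rows of asterisks; results follow the second.
    stars = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {'*'}]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    results = []
    for line in lines[start:]:
        m = OUTCOME.match(line.strip())
        if m:
            results.append((m.group('target').strip('"'), m.group('outcome')))
    return results

def summarize(results):
    """Count outcomes and list items that were already absent when the fix ran."""
    counts = Counter(outcome for _, outcome in results)
    # "not found" on a Classes\CLSID key is reported separately from the entry
    # itself, so only entries outside that branch are listed here.
    absent = [t for t, o in results
              if o == 'not found' and '\\Classes\\CLSID\\' not in t]
    return counts, absent

if __name__ == '__main__':
    counts, absent = summarize(parse_fixlog(FIXLOG))
    print(dict(counts))
    print(absent)
```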





