
Help removing a suspected Trojan

FXSAPIDebugLogFile Windows Update Malwarebytes


#1 RobJames (New Member, 7 posts)

Where to begin? I'm running an old OS, Win 7 64. I can't install Malwarebytes, because my Windows won't update (a requirement of Malwarebytes), so I'm stuck before I begin. I suspect I have a Trojan because I keep getting threatening emails claiming they put one on, and are demanding money to remove it. The second reason I believe it's true is my external drive D: is acting up, doing weird things like not letting me extract files because of non Security ID ownership, and sometimes even renaming my User Security ID's name. So I'm at a loss. I probably can't be helped, but if there is hope, I'm willing to follow orders. As a side note, I have re-formatted my C: drive and still the problem comes back. So I suspect they are leaving the Trojan installer on my D: drive. I don't know... I'm just guessing here. I'm thinking the file FXSAPIDebugLogFile in my Temp folder has something to do with it, but again, I'm only guessing here. Thanks for your time, Gentlemen.

 

Rob,




#2 RKinner (Malware Expert, MVP, 24,625 posts)

Install the free version of Avast. It still works on Win 7.

https://www.avast.co...-7-antivirus#pc

(They usually try to talk you into the paid version, but stick to the basic free version.)

Don't do the recommended quick scan; instead:

Once you get it installed (and the system has rebooted), have Avast do a boot-time scan:

Click on the Avast ball. Then click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan. Click on Install Special Definitions. Wait until it finishes downloading. Click on Run on Next PC Reboot.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt, but it might change, so verify the location. This is a hidden location, so you will need to tell Windows to let you see it:

Copy and paste the text from the log to a Reply when done.

It may take hours, so I usually let it run while I sleep. (Mute your speakers so it doesn't wake you up when Windows boots.)
Once it finishes it should load Windows.

I would also like to see your FRST logs:

Step 3 in

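When a helper reads the FRST logs asked for above, the first pass is a skim of the whitelisted sections for the markers FRST itself prints: `[File not signed]` on a process, driver or registry entry, `<==== ATTENTION` on a policy restriction, `[X]` on an autostart or driver whose file is missing, and the "FRST version is N days old" warning in the header. The Python below is an added example for this thread, not a Farbar tool and not something either poster ran; it does that skim over constructed sample lines modelled on the FRST.txt line shapes that appear later in this thread. The 30-day tool-age threshold and the four category names are my own choices.

```python
"""Triage helper for FRST.txt output: pull out the lines a malware helper looks at first."""
import re
from datetime import date

# Constructed sample, modelled on the line shapes FRST.txt uses; not a real scan result.
SAMPLE_FRST = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2021 (ATTENTION: ====> FRST version is 989 days old and could be outdated)
Ran by Rob (administrator) on ROB-PC (02-02-2024 15:04:08)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

==================== Processes (Whitelisted) =================

(Intel Corporation) [File not signed] C:\Windows\System32\IPROSetMonitor.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <27>

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [360448 2013-09-11] (CANON INC.) [File not signed]

===================== Drivers (Whitelisted) ===================

R3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [50152 2019-10-08] (Intel Corporation) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

# FRST section banners look like "==================== Name =================".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# FRST prints its build date as "Version: DD-MM-YYYY" in the first line.
VERSION_RE = re.compile(r"Version:\s*(\d{2})-(\d{2})-(\d{4})")


def tool_age_days(header, today):
    """Age of the FRST build in days, parsed from the 'Version: DD-MM-YYYY' header; None if absent."""
    m = VERSION_RE.search(header)
    if not m:
        return None
    day, month, year = (int(x) for x in m.groups())
    return (today - date(year, month, day)).days


def triage(text, today=date(2024, 2, 2), max_tool_age_days=30):
    """Return (category, section, line) findings worth a second look, in log order."""
    findings = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m and m.group(1).strip("= "):  # skip banners that are only '=' characters
            section = m.group(1)
            continue
        if line.startswith("Scan result of Farbar"):
            age = tool_age_days(line, today)
            if age is not None and age > max_tool_age_days:
                findings.append(("outdated-tool", section,
                                 f"FRST build is {age} days old; refresh before trusting the scan"))
            continue
        if "[File not signed]" in line:
            findings.append(("unsigned", section, line))
        if line.endswith("<==== ATTENTION"):
            findings.append(("policy-restriction", section, line))
        if line.endswith("[X]"):
            findings.append(("missing-file", section, line))
    return findings


def summarize(findings):
    """Count findings per category so the helper sees the shape of the log at a glance."""
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, section, line in triage(SAMPLE_FRST):
        print(f"[{category}] ({section}) {line}")
    print(summarize(triage(SAMPLE_FRST)))
```

Two caveats a helper keeps in mind when reading the output: `[File not signed]` is a prompt to verify the file, not a verdict (the unsigned entries in this thread's own log all belong to Intel, Canon, WinRAR and WS_FTP components), and a policy `Restriction` line deserves a look because such policies can be set by the user, by installed software, or by malware, and FRST flags them without saying which.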

#3 RobJames (Topic Starter, New Member, 7 posts)

Okay, I'm on it. I'll be back as soon as the first log is finished. Wow, it's surprisingly small, and oddly enough it shows 0 infections. But I know my system is infected. Anyways, here it is.

 

02/02/2024 12:12
Scan of C:

Scan of *STARTUP

File C:\Program Files (x86)\XPOSE2\TopologyFile\ProductInfo\code.xlsx|>EncryptedPackage Error 42056 {Archive is password protected.}
Number of searched folders: 18520
Number of tested files: 419620
Number of infected files: 0

 

Just as a side note, I did download FRST to my Desktop, but it reports it's unable to update, which according to the instructions is very important. I am running "As Admin", and it is scanning, but it seems to be unable to update. Don't know if that's important, just reporting what I see. Here is the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2021 (ATTENTION: ====> FRST version is 989 days old and could be outdated)
Ran by Rob (administrator) on ROB-PC (Hewlett-Packard HP EliteDesk 800 G1 SFF) (02-02-2024 15:04:08)
Running from C:\Users\Rob\Desktop
Loaded Profiles: Rob
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) [File not signed] C:\Windows\System32\IPROSetMonitor.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <27>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117472 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1826356920-3857332481-2531623900-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-17] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKLM\...\Windows x64\Print Processors\Canon MX470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC2.DLL [30208 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX470 series: C:\Windows\system32\CNCALC2.DLL [303104 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX470 series: C:\Windows\system32\CNMLMC2.DLL [391168 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [360448 2013-09-11] (CANON INC.) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4B93CF86-F2BC-4C44-A315-2C65ACD7CF0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {4FCB9550-F48B-4F00-BC94-93B671BA38E8} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {7DD375F0-1055-43E6-B493-899705D9F29B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4686560 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
Task: {827C0748-8AFD-4A03-9BDC-200F06BB7D2B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2024-01-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {C2512B8F-B1EA-474E-9834-B58819BBF29C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2024-02-02] (Avast Software s.r.o. -> Avast Software)
Task: {C66BE133-D4C2-4803-8531-1B9FC06EB7A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134768 2021-04-01] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.116
Tcpip\..\Interfaces\{412E24BC-A83B-4B77-9712-43236CCBC76C}: [DhcpNameServer] 192.168.1.254 75.153.171.116
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.1.75,1]

FireFox:
========
FF DefaultProfile: 5mhfxg7g.default
FF ProfilePath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\5mhfxg7g.default [2023-08-14]
FF ProfilePath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\9lks6zxe.default-esr [2024-02-02]
FF DownloadDir: D:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\9lks6zxe.default-esr -> hxxps://www.google.ca
FF Notifications: Mozilla\Firefox\Profiles\9lks6zxe.default-esr -> hxxps://web.skype.com
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2023-08-28] [Legacy] [not signed]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1263424 2014-08-14] (Acronis International GmbH -> Acronis)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2023-08-14] (Acronis International GmbH -> Acronis)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7888408 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [623216 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [353504 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [403576 2021-04-01] (HP Inc. -> HP Inc.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [506368 2019-11-19] (Intel Corporation) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-17] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis International GmbH -> Acronis)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35680 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208552 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [365520 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250328 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99288 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41304 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [177872 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [524416 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2024-02-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107808 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83368 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [850120 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466696 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216376 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326976 2024-02-02] (Avast Software s.r.o. -> AVAST Software)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2023-08-14] (Acronis International GmbH -> Acronis International GmbH)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [50152 2019-10-08] (Intel® INTELND1617 -> Intel Corporation) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-17] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2023-08-14] (Acronis International GmbH -> Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2023-08-14] (Acronis International GmbH -> Acronis International GmbH)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-02 15:04 - 2024-02-02 15:05 - 000012011 _____ C:\Users\Rob\Desktop\FRST.txt
2024-02-02 14:59 - 2024-02-02 15:04 - 000000000 ____D C:\FRST
2024-02-02 14:59 - 2024-02-02 14:59 - 002299904 _____ (Farbar) C:\Users\Rob\Desktop\FRST64.exe
2024-02-02 12:05 - 2024-02-02 12:05 - 000002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2024-02-02 12:05 - 2024-02-02 12:05 - 000002079 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2024-02-02 12:05 - 2024-02-02 12:05 - 000000000 ____D C:\Users\Rob\AppData\Roaming\Avast Software
2024-02-02 12:05 - 2024-02-02 12:05 - 000000000 ____D C:\Users\Rob\AppData\Local\CEF
2024-02-02 12:05 - 2024-02-02 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2024-02-02 12:04 - 2024-02-02 12:04 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2024-02-02 12:04 - 2024-02-02 12:04 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2024-02-02 12:03 - 2024-02-02 12:03 - 000850120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000524416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000466696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000365520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000339680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2024-02-02 12:03 - 2024-02-02 12:03 - 000326976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000250328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000216376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000208552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000177872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000107808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000099288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000083368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000041304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000038152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000035680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____D C:\Program Files\Avast Software
2024-02-02 12:02 - 2024-02-02 15:01 - 000000000 ____D C:\ProgramData\Avast Software
2024-02-01 10:10 - 2024-02-01 10:10 - 002582384 _____ (Malwarebytes) C:\Users\Rob\Downloads\MBSetup.exe
2024-02-01 09:43 - 2024-02-01 09:43 - 000173310 _____ C:\Windows\ntbtlog.txt
2024-02-01 09:25 - 2024-02-01 09:25 - 000420852 _____ C:\Users\Rob\AppData\Local\census.cache
2024-02-01 09:25 - 2024-02-01 09:25 - 000254263 _____ C:\Users\Rob\AppData\Local\ars.cache
2024-02-01 09:14 - 2024-02-01 09:14 - 000000036 _____ C:\Users\Rob\AppData\Local\housecall.guid.cache
2024-02-01 09:14 - 2024-02-01 09:14 - 000000000 ____D C:\Program Files\Trend Micro
2024-01-23 10:08 - 2024-02-01 08:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-01-08 11:48 - 2024-01-08 11:48 - 000000000 ____D C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR
2024-01-08 11:48 - 2024-01-08 11:48 - 000000000 ____D C:\Program Files (x86)\realtech VR
2024-01-08 09:45 - 2024-01-08 09:45 - 000000000 ____D C:\Users\Rob\AppData\Roaming\SketchUp
2024-01-08 09:42 - 2024-01-08 10:25 - 000002158 _____ C:\Users\Public\Desktop\Style Builder 2017.lnk
2024-01-08 09:42 - 2024-01-08 10:25 - 000002158 _____ C:\ProgramData\Desktop\Style Builder 2017.lnk
2024-01-08 09:42 - 2024-01-08 10:25 - 000002072 _____ C:\Users\Public\Desktop\LayOut 2017.lnk
2024-01-08 09:42 - 2024-01-08 10:25 - 000002072 _____ C:\ProgramData\Desktop\LayOut 2017.lnk
2024-01-08 09:42 - 2024-01-08 10:25 - 000001987 _____ C:\Users\Public\Desktop\SketchUp 2017.lnk
2024-01-08 09:42 - 2024-01-08 10:25 - 000001987 _____ C:\ProgramData\Desktop\SketchUp 2017.lnk
2024-01-08 09:42 - 2024-01-08 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
2024-01-08 09:42 - 2024-01-08 09:42 - 000000000 ____D C:\ProgramData\SketchUp
2024-01-08 09:42 - 2024-01-08 09:42 - 000000000 ____D C:\ProgramData\Reprise
2024-01-08 09:42 - 2024-01-08 09:42 - 000000000 ____D C:\Program Files\SketchUp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-02 14:53 - 2023-08-14 09:59 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-02 12:39 - 2009-07-13 20:45 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-02-02 12:39 - 2009-07-13 20:45 - 000021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-02-02 12:36 - 2009-07-13 21:13 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-02 12:36 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2024-02-02 12:31 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-02 12:09 - 2023-08-15 08:50 - 000001666 _____ C:\Windows\Sandboxie.ini
2024-02-01 08:53 - 2023-08-14 09:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-01 08:51 - 2023-08-15 08:48 - 000000000 ____D C:\Users\Rob\AppData\Local\JDownloader 2.0
2024-01-31 09:39 - 2023-08-14 09:58 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-01-09 09:12 - 2023-08-14 08:51 - 000768844 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-01-08 10:22 - 2023-08-14 10:05 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories ========

2024-02-01 09:25 - 2024-02-01 09:25 - 000254263 _____ () C:\Users\Rob\AppData\Local\ars.cache
2024-02-01 09:25 - 2024-02-01 09:25 - 000420852 _____ () C:\Users\Rob\AppData\Local\census.cache
2024-02-01 09:14 - 2024-02-01 09:14 - 000000036 _____ () C:\Users\Rob\AppData\Local\housecall.guid.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2024-01-27 00:20
==================== End of FRST.txt ========================

 

And now the Addition log.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by Rob (02-02-2024 15:06:58)
Running from C:\Users\Rob\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2023-08-14 01:28:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1826356920-3857332481-2531623900-500 - Administrator - Disabled)
Guest (S-1-5-21-1826356920-3857332481-2531623900-501 - Limited - Enabled)
Rob (S-1-5-21-1826356920-3857332481-2531623900-1000 - Administrator - Enabled) => C:\Users\Rob

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}) (Version: 18.0.6525 - Acronis) Hidden
Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}Visible) (Version: 18.0.6525 - Acronis)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Atmosphere (HKLM-x32\...\Atmosphere_is1) (Version:  - Spectrasonics, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.2.2455 - Avast Software)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.02 - Canon Inc.)
DroidKit (HKLM-x32\...\DroidKit) (Version: 1.0.1.1 - iMobie Inc.)
HP Support Solutions Framework (HKLM-x32\...\{FF81F9EB-61C1-48A4-8EE5-45C5D61BC0E0}) (Version: 12.19.53.13 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel® Corporation) Hidden
Intel® Network Connections 25.0.0.1000 (HKLM\...\PROSetDX) (Version: 25.0.0.1000 - Intel)
Ipswitch WS_FTP Pro (HKLM-x32\...\WS_FTP Pro) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 115.7.0 ESR (x64 en-US)) (Version: 115.7.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.14.0 - Mozilla)
Native Instruments Kontakt 7 (HKLM-x32\...\Native Instruments Kontakt 7) (Version: 7.5.2.0 - Native Instruments)
OpenGL Extensions Viewer 6.4 (HKLM-x32\...\GLVIEW3) (Version: 649 - )
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Hypersonic VSTi DXi v2.0 (HKLM-x32\...\Steinberg Hypersonic VSTi DXi_is1) (Version:  - )
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Virtual Comport Driver (HKU\S-1-5-21-1826356920-3857332481-2531623900-1000\...\InstallShield_{C49F032D-7298-4324-8C9A-3892F21CAF9E}) (Version: 1.5.0 - STMicroelectronics)
Windows Driver Package - Silicon Laboratories Inc. (silabser) Ports  (09/27/2017 6.7.5.1893) (HKLM\...\3C57DA61F41601ACF85CC77F740AA00672E0BCD7) (Version: 09/27/2017 6.7.5.1893 - Silicon Laboratories Inc.)
Windows Driver Package - STMicroelectronics (usbser) Ports  (04/25/2010 1.3.1) (HKLM\...\1628ECA16EA833D7F30DD35215E306FAD333DF83) (Version: 04/25/2010 1.3.1 - STMicroelectronics)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinRar License version 6.11 (HKLM-x32\...\{0B3E46A4-F620-4ABA-B3B8-CDFE01223112}_is1) (Version: 6.11 - JustFun598)
XPOSE 2.0.7.7 (HKLM-x32\...\XPOSE) (Version: 2.0.7.7 - RGBLink-Qter)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-02-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files (x86)\WS_FTP Pro\wsftpsi.dll [2003-05-23] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421) [File not signed]
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-02-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed]
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files (x86)\WS_FTP Pro\wsftpsi.dll [2003-05-23] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2014-11-27 09:43 - 2014-11-27 10:51 - 001507328 _____ (Acronis) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll
2023-08-22 18:37 - 2013-08-02 07:43 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2023-08-22 18:37 - 2013-08-02 07:42 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2023-08-22 18:37 - 2013-09-11 14:50 - 000360448 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2024-02-02 12:03 - 2024-02-02 12:03 - 000011928 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000011720 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000014488 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000012232 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000012432 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000012440 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000015816 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000012232 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000013768 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000012952 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000012464 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000021144 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000020120 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000016536 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000017864 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000018376 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000014280 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000012232 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000590112 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\MSVCP140.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 001035720 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\ucrtbase.DLL
2024-02-02 12:03 - 2024-02-02 12:03 - 000101872 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\VCRUNTIME140.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000044528 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\VCRUNTIME140_1.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000021976 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000022008 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000021976 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000022008 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000021976 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000021984 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000026080 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000022008 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000021976 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000021976 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000022000 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000030200 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000030200 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000026072 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000026072 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000026104 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000021984 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000022008 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000571312 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\MSVCP140.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 001123832 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\ucrtbase.DLL
2022-10-25 11:13 - 2022-10-25 11:13 - 000098736 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\VCRUNTIME140.dll
2022-10-25 11:13 - 2022-10-25 11:13 - 000038304 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\defs\24020204\avast.local_vc142.crt\VCRUNTIME140_1.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 005621024 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Avast Software\Avast\mfc140u.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000011728 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000011744 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000014800 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000012240 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000012240 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000012240 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000015824 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000012240 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000013776 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000012752 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000012240 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000020944 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000019920 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000064464 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000016336 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000017872 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000018384 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000014288 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000012240 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 004524496 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000566704 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\MSVCP140.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 001035728 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\ucrtbase.DLL
2024-01-23 10:08 - 2023-09-28 09:55 - 000098224 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\VCRUNTIME140.dll
2024-01-23 10:08 - 2023-09-28 09:55 - 000037256 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\Mozilla Firefox\VCRUNTIME140_1.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\ucrtbase.DLL
2024-02-02 12:03 - 2024-02-02 12:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\VCRUNTIME140.dll
2023-09-04 08:41 - 2022-03-03 05:16 - 000647832 _____ (win.rar GmbH -> Alexander Roshal) [File not signed] C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\S-1-5-21-1826356920-3857332481-2531623900-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: WsftpBrowserHelper Class -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> C:\Program Files (x86)\WS_FTP Pro\wsbho2k0.dll [2003-05-23] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1826356920-3857332481-2531623900-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2023-08-14 18:43 - 000000901 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
127.0.0.1 activation.acronis.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1826356920-3857332481-2531623900-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.116
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{684D2450-6338-47BE-AD6B-6AF705D43E2D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{93802BB9-9599-4D3C-877A-D4CC0311E624}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{275DFBBE-2D3B-4A06-A454-D632CA3AC6DC}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{8926CF4A-C254-4F9B-B04D-E60F9AD7B916}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{771BB7FC-87F0-4D28-88F9-1594BB309815}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{77D5B779-8DA3-4E20-A326-DCD218283D92}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{D9D003CC-472C-4B61-8B9F-84483ED15788}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{1FE7F445-AD43-4F07-9CD4-F9AFA265673F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{0F8A1111-9DC6-4E2F-BDFD-921CAC0C540E}] => (Allow) C:\Program Files (x86)\XPOSE2\XPOSE.exe () [File not signed]
FirewallRules: [{294DDF00-A2EB-42D2-A788-9B6209583944}] => (Allow) C:\Program Files (x86)\XPOSE2\XPOSE.exe () [File not signed]

==================== Restore Points =========================

08-01-2024 09:41:01 Installed SketchUp 2017
08-01-2024 10:20:37 Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332
08-01-2024 10:21:06 Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332
08-01-2024 10:21:57 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
09-01-2024 09:07:59 Installed Microsoft .NET Framework 4 Client Profile
09-01-2024 09:11:19 Installed Microsoft .NET Framework 4 Extended
17-01-2024 05:25:36 Scheduled Checkpoint
25-01-2024 00:00:03 Scheduled Checkpoint
01-02-2024 07:11:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/02/2024 03:04:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (02/02/2024 03:04:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (02/02/2024 03:04:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (02/02/2024 03:04:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (02/02/2024 03:04:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (02/02/2024 03:04:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (02/02/2024 03:04:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (02/02/2024 03:04:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.


System errors:
=============
Error: (02/02/2024 03:10:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.71 did not allow the name to be claimed by
this computer.

Error: (02/02/2024 03:05:24 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.71 did not allow the name to be claimed by
this computer.

Error: (02/02/2024 03:00:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/02/2024 03:00:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/02/2024 03:00:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/02/2024 03:00:14 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.71 did not allow the name to be claimed by
this computer.

Error: (02/02/2024 02:59:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/02/2024 02:59:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


==================== Memory info ===========================

BIOS: Hewlett-Packard L01 v02.57 12/11/2014
Motherboard: Hewlett-Packard 1998
Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 86%
Total physical RAM: 4000.94 MB
Available physical RAM: 540.38 MB
Total Virtual: 8000.06 MB
Available Virtual: 2193.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:417.32 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:2794.52 GB) (Free:1575.59 GB) NTFS

\\?\Volume{258ed931-3a41-11ee-af8f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4C78386E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 0FC27EF8)

Partition: GPT.

==================== End of Addition.txt =======================

 


Edited by RobJames, 02 February 2024 - 05:26 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I expect Avast is eating FRST upgrades.  Right click on Avast's ball and select Avast shields control.  Then disable for one hour.

 

It should work then.

 

I don't see anything active but let's look a bit closer:

 

Get Process Explorer

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).
View and check Show Processes From All Users

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Scroll down a bit and you will see a button that says Installer (Vista+). That's the button you need to use to download the installer.
Save the file then go to the download folder and right click on the file and run as admin.
The program will install and then start up. Once it reads the drives you just hit File then Save Text.
Save the file to your desktop and then attach it or open it then copy and paste the text to a reply.
 

  • 0

#5
RobJames

RobJames

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Sorry for the delay in my response; I've been sick in bed. Farbar won't update even with Avast disabled for an hour, so I don't know. Is there a way to download a fully updated version? Is it crucial that it's updated? I'm wondering if whatever has got my PC is able to stop those updates, to stop it from being discovered. Anyway, I'll begin working on the next steps. There doesn't seem to be a way to attach a jpeg to this post; am I missing something?


  • 0

#6
RobJames

RobJames

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

I do not see options for these in the View menu:

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

But here is the Processes report:
 
Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    97.31    0 K    24 K    0        
procexp64.exe    1.54    59,744 K    81,652 K    4792    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
csrss.exe    < 0.01    3,280 K    5,812 K    940    Client Server Runtime Process    Microsoft Corporation
svchost.exe    < 0.01    24,328 K    26,864 K    628    Host Process for Windows Services    Microsoft Corporation
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs    
System    < 0.01    492 K    592 K    4        
AvastUI.exe    < 0.01    39,100 K    50,756 K    3292    Avast Antivirus    AVAST Software
explorer.exe    < 0.01    48,956 K    38,616 K    3792    Windows Explorer    Microsoft Corporation
AvastSvc.exe    < 0.01    139,824 K    41,156 K    1444    Avast Service    AVAST Software
SbieCtrl.exe    < 0.01    5,716 K    8,680 K    1148    Sandboxie Control    Sandboxie Holdings, LLC
firefox.exe    < 0.01    42,580 K    55,140 K    6796    Firefox    Mozilla Corporation
firefox.exe    < 0.01    576,080 K    495,668 K    7156    Firefox    Mozilla Corporation
firefox.exe    < 0.01    154,080 K    193,680 K    936    Firefox    Mozilla Corporation
CNMNSST.exe    < 0.01    1,928 K    2,508 K    2444    Canon IJ Network Scanner Selector EX    CANON INC.
lsm.exe    < 0.01    2,852 K    1,992 K    376    Local Session Manager Service    Microsoft Corporation
svchost.exe    < 0.01    13,548 K    13,536 K    1104    Host Process for Windows Services    Microsoft Corporation
SearchIndexer.exe    < 0.01    21,236 K    9,980 K    2728    Microsoft Windows Search Indexer    Microsoft Corporation
services.exe    < 0.01    6,716 K    5,504 K    168    Services and Controller app    Microsoft Corporation
spoolsv.exe    < 0.01    8,448 K    4,340 K    2004    Spooler SubSystem App    Microsoft Corporation
svchost.exe    < 0.01    114,028 K    109,088 K    856    Host Process for Windows Services    Microsoft Corporation
svchost.exe    < 0.01    16,456 K    12,600 K    1376    Host Process for Windows Services    Microsoft Corporation
syncagentsrv.exe    < 0.01    4,908 K    1,492 K    4060    TrueImage Sync Agent Service    Acronis
wmpnetwk.exe        5,352 K    5,028 K    3180    Windows Media Player Network Sharing Service    Microsoft Corporation
winlogon.exe        3,348 K    1,700 K    996    Windows Logon Application    Microsoft Corporation
wininit.exe        1,744 K    492 K    948    Windows Start-Up Application    Microsoft Corporation
taskhost.exe        8,240 K    3,112 K    3664    Host Process for Windows Tasks    Microsoft Corporation
taskhost.exe        9,792 K    3,396 K    2404    Host Process for Windows Tasks    Microsoft Corporation
svchost.exe        20,416 K    12,396 K    816    Host Process for Windows Services    Microsoft Corporation
svchost.exe        5,204 K    5,372 K    720    Host Process for Windows Services    Microsoft Corporation
svchost.exe        4,596 K    4,208 K    636    Host Process for Windows Services    Microsoft Corporation
svchost.exe        11,280 K    9,432 K    1156    Host Process for Windows Services    Microsoft Corporation
svchost.exe        8,308 K    8,116 K    3888    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2,148 K    6,496 K    5636    Host Process for Windows Services    Microsoft Corporation
smss.exe        540 K    384 K    484    Windows Session Manager    Microsoft Corporation
schedul2.exe        3,156 K    3,076 K    2120    Acronis Scheduler 2    Acronis
SbieSvc.exe        2,260 K    1,644 K    1168    Sandboxie Service    Sandboxie Holdings, LLC
procexp.exe        3,896 K    9,064 K    4944    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
mspaint.exe        50,228 K    70,308 K    7044    Paint    Microsoft Corporation
lsass.exe        23,644 K    15,156 K    388    Local Security Authority Process    Microsoft Corporation
IPROSetMonitor.exe        1,944 K    1,524 K    2280    Intel® PROSet Monitoring Service    Intel Corporation
firefox.exe        31,740 K    30,532 K    2720    Firefox    Mozilla Corporation
firefox.exe        31,612 K    30,392 K    1776    Firefox    Mozilla Corporation
firefox.exe        50,696 K    82,452 K    6040    Firefox    Mozilla Corporation
firefox.exe        42,696 K    59,732 K    4624    Firefox    Mozilla Corporation
firefox.exe        175,516 K    207,828 K    5444    Firefox    Mozilla Corporation
firefox.exe        31,656 K    30,584 K    4604    Firefox    Mozilla Corporation
firefox.exe        41,192 K    52,944 K    4572    Firefox    Mozilla Corporation
firefox.exe        30,796 K    34,816 K    5168    Firefox    Mozilla Corporation
firefox.exe        22,084 K    18,008 K    5296    Firefox    Mozilla Corporation
firefox.exe        23,272 K    18,708 K    4912    Firefox    Mozilla Corporation
firefox.exe        21,976 K    16,876 K    6300    Firefox    Mozilla Corporation
firefox.exe        21,472 K    16,688 K    4980    Firefox    Mozilla Corporation
dwm.exe        2,144 K    764 K    3876    Desktop Window Manager    Microsoft Corporation
dllhost.exe        3,416 K    7,540 K    3548    COM Surrogate    Microsoft Corporation
csrss.exe        3,416 K    2,364 K    892    Client Server Runtime Process    Microsoft Corporation
AvastUI.exe        19,192 K    11,932 K    3808    Avast Antivirus    AVAST Software
AvastUI.exe        15,456 K    10,028 K    7432    Avast Antivirus    AVAST Software
AvastUI.exe        13,244 K    13,828 K    3556    Avast Antivirus    AVAST Software
aswToolsSvc.exe        61,212 K    38,780 K    1512    Avast Antivirus    AVAST Software
afcdpsrv.exe        2,816 K    512 K    2160    File Level CDP Manager Service    Acronis
acrotray.exe        1,488 K    624 K    3592    AcroTray    Adobe Systems Inc.


 

  • 0

#7
RobJames

RobJames

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

And now the CrystalDisk info

 

----------------------------------------------------------------------------
CrystalDiskInfo 9.2.2 © 2008-2024 hiyohiyo
                                Crystal Dew World: https://crystalmark.info/
----------------------------------------------------------------------------

    OS : Windows 7 Ultimate SP1 [6.1 Build 7601] (x64)
  Date : 2024/02/04 13:44:41

-- Controller Map ----------------------------------------------------------
 + ATA Channel 2 (2) [ATA]
   - hp DVDRAM GTB0N ATA Device
 + Standard AHCI 1.0 Serial ATA Controller [ATA]
   + ATA Channel 0 (0)
     - TOSHIBA DT01ACA050 ATA Device
   - ATA Channel 2 (2)

-- Disk List ---------------------------------------------------------------
 (01) TOSHIBA DT01ACA050 : 500.1 GB [0/0/0, pd1]
 (02) ST3000DM001-1CH166 : 3000.5 GB [1/X/X, sa1] (V=2109, P=0711)

----------------------------------------------------------------------------
 (01) TOSHIBA DT01ACA050
----------------------------------------------------------------------------
           Model : TOSHIBA DT01ACA050
        Firmware : MS1OA7C0
   Serial Number : 25AUVPMKS
       Disk Size : 500.1 GB (8.4/137.4/500.1/500.1)
     Buffer Size : 23652 KB
     Queue Depth : 32
    # of Sectors : 976773168
   Rotation Rate : 7200 RPM
       Interface : Serial ATA
   Major Version : ACS-2
   Minor Version : ATA8-ACS version 4
   Transfer Mode : SATA/600 | SATA/600
  Power On Hours : 46180 hours
  Power On Count : 791 count
     Temperature : 37 C (98 F)
   Health Status : Good
        Features : S.M.A.R.T., APM, NCQ, GPL
       APM Level : 0000h [OFF]
       AAM Level : ----
    Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 _95 _16 000000000001 Read Error Rate
02 142 100 _54 000000000047 Throughput Performance
03 126 100 _24 000300B600B6 Spin-Up Time
04 100 100 __0 00000000032B Start/Stop Count
05 100 100 __5 000000000000 Reallocated Sectors Count
07 100 100 _67 000000000000 Seek Error Rate
08 115 100 _20 000000000022 Seek Time Performance
09 _94 _94 __0 00000000B464 Power-On Hours
0A 100 100 _60 000000000000 Spin Retry Count
0C 100 100 __0 000000000317 Power Cycle Count
B7 100 100 __0 000000000000 Vendor Specific
B8 100 100 _97 000000000000 End-to-End Error
B9 100 100 __0 00000000FFFF Vendor Specific
BB _98 _98 __0 000000000002 Reported Uncorrectable Errors
BC 100 100 __0 000508670000 Command Timeout
BD 100 100 __0 000000000000 High Fly Writes
BE _63 _58 __0 00001B280025 Airflow Temperature
C0 100 100 __0 0000000003F6 Power-off Retract Count
C1 100 100 __0 0000000003F6 Load/Unload Cycle Count
C2 162 142 __0 002A000F0025 Temperature
C4 100 100 __0 000000000000 Reallocation Event Count
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

----------------------------------------------------------------------------
 (02) ST3000DM001-1CH166
----------------------------------------------------------------------------
       Enclosure : ST3000DM 001-1CH166 USB Device (V=2109, P=0711, sa1)
           Model : ST3000DM001-1CH166
        Firmware : CC43
   Serial Number : W1F1G0ZZ
       Disk Size : 3000.5 GB (8.4/137.4/3000.5/3000.5)
     Buffer Size : Unknown
     Queue Depth : 32
    # of Sectors : 5860533168
   Rotation Rate : 7200 RPM
       Interface : USB (Serial ATA)
   Major Version : ATA8-ACS
   Minor Version : ATA8-ACS version 4
   Transfer Mode : SATA/600 | SATA/600
  Power On Hours : 19006 hours
  Power On Count : 1188 count
     Temperature : 45 C (113 F)
   Health Status : Caution
        Features : S.M.A.R.T., APM, NCQ, GPL
       APM Level : 8080h [ON]
       AAM Level : ----
    Drive Letter : D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _99 _68 __6 0000089AC447 Read Error Rate
03 _93 _90 __0 000000000000 Spin-Up Time
04 _97 _97 _20 000000000ED0 Start/Stop Count
05 100 100 _36 0000000003A8 Reallocated Sectors Count
07 _62 _57 _30 005B0950E54C Seek Error Rate
09 _79 _79 __0 000000004A3E Power-On Hours
0A 100 100 _97 000000000000 Spin Retry Count
0C _99 _99 _20 0000000004A4 Power Cycle Count
B7 _96 _96 __0 000000000004 Vendor Specific
B8 100 100 _99 000000000000 End-to-End Error
BB __1 __1 __0 00000000FFFF Reported Uncorrectable Errors
BC 100 __1 __0 001C001CAB58 Command Timeout
BD _96 _96 __0 000000000004 High Fly Writes
BE _55 _48 _45 00002E1C002D Airflow Temperature
BF 100 100 __0 000000000000 G-Sense Error Rate
C0 100 100 __0 000000000105 Power-off Retract Count
C1 _92 _92 __0 00000000411D Load/Unload Cycle Count
C2 _45 _52 __0 00070000002D Temperature
C5 _98 __1 __0 0000000001C8 Current Pending Sector Count
C6 _98 __1 __0 0000000001C8 Uncorrectable Sector Count
C7 200 200 __0 000000000004 UltraDMA CRC Error Count
F0 100 253 __0 786E00003EFF Head Flying Hours
F1 100 253 __0 001AFBFD8428 Total Host Writes
F2 100 253 __0 002AB0CC5D1B Total Host Reads

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------


 


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The D: drive is on its last legs. You need to get a new drive and copy the data ASAP. We can see from the Crystal report that it already has a lot of bad sectors and more pending, plus Command Timeouts, read and uncorrectable errors.

01 _99 _68 __6 0000089AC447 Read Error Rate

05 100 100 _36 0000000003A8 Reallocated Sectors Count
BB __1 __1 __0 00000000FFFF Reported Uncorrectable Errors
BC 100 __1 __0 001C001CAB58 Command Timeout
C5 _98 __1 __0 0000000001C8 Current Pending Sector Count
C6 _98 __1 __0 0000000001C8 Uncorrectable Sector Count

 

On a good drive the numbers in bold would be 0. That explains the problem you are seeing. As for the emails, that's just spam. They send that out to as many people as they can, hoping that someone will be foolish enough to respond. There is absolutely no sign of any infection.


  • 0
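The triage RKinner does by eye on the table above, as an added example that is not code from the thread or from CrystalDiskInfo: a Python parser for CrystalDiskInfo's S.M.A.R.T. rows that flags the error counters which should read 0 on a healthy drive and any normalized value that has reached its vendor threshold. The sample rows are copied from the two reports in post #7 (excerpts, not the full tables); the REPLACE/WATCH/OK verdict is this example's own heuristic.

```python
"""Triage a CrystalDiskInfo S.M.A.R.T. table for the failure indicators
discussed in the thread. Added example; not part of the thread or of CrystalDiskInfo."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One row of the "-- S.M.A.R.T. --" section, e.g.
#   "C5 _98 __1 __0 0000000001C8 Current Pending Sector Count"
# CrystalDiskInfo left-pads the three normalized columns with underscores
# and prints the 48-bit raw value as 12 hex digits.
ROW_RE = re.compile(
    r"^([0-9A-F]{2})\s+([_\d]{3})\s+([_\d]{3})\s+([_\d]{3})\s+([0-9A-F]{12})\s+(.+)$"
)

# Attributes whose raw count is 0 on a healthy drive (the ones quoted in post #8).
ZERO_ON_HEALTHY = {"05", "BB", "BC", "C5", "C6"}
# Raw counts here mean the platters themselves are failing, not just the link or firmware.
SECTOR_DAMAGE = {"05", "C5", "C6"}


@dataclass
class Attr:
    id: str
    cur: int    # current normalized value (higher is better)
    worst: int  # worst normalized value ever recorded
    thr: int    # vendor failure threshold; 0 means informational only
    raw: int    # vendor raw counter, decoded from the 12 hex digits
    name: str


def parse_smart_table(text: str) -> list[Attr]:
    """Return the attribute rows found in a CrystalDiskInfo report excerpt."""
    rows: list[Attr] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # section header, column header or blank line
        aid, cur, wor, thr, raw, name = m.groups()
        norm = lambda s: int(s.replace("_", ""))  # "_98" -> 98, "__0" -> 0
        rows.append(Attr(aid, norm(cur), norm(wor), norm(thr), int(raw, 16), name.strip()))
    return rows


def triage(attrs: list[Attr]) -> list[str]:
    """Flag the two things that matter: counters that should be 0, and
    normalized values that have dropped to the vendor's failure threshold."""
    findings = []
    for a in attrs:
        if a.id in ZERO_ON_HEALTHY and a.raw != 0:
            findings.append(f"{a.id} {a.name}: raw={a.raw} (0x{a.raw:012X}), expected 0")
        if a.thr and a.cur <= a.thr:
            findings.append(f"{a.id} {a.name}: current {a.cur} <= threshold {a.thr}")
    return findings


def verdict(attrs: list[Attr]) -> str:
    """Heuristic of this example: reallocated or pending sectors mean replace now."""
    if any(a.id in SECTOR_DAMAGE and a.raw for a in attrs):
        return "REPLACE"
    return "WATCH" if triage(attrs) else "OK"


# Excerpts of the two S.M.A.R.T. tables posted in this thread.
D_DRIVE = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 _99 _68 __6 0000089AC447 Read Error Rate
05 100 100 _36 0000000003A8 Reallocated Sectors Count
07 _62 _57 _30 005B0950E54C Seek Error Rate
09 _79 _79 __0 000000004A3E Power-On Hours
BB __1 __1 __0 00000000FFFF Reported Uncorrectable Errors
BC 100 __1 __0 001C001CAB58 Command Timeout
C5 _98 __1 __0 0000000001C8 Current Pending Sector Count
C6 _98 __1 __0 0000000001C8 Uncorrectable Sector Count
C7 200 200 __0 000000000004 UltraDMA CRC Error Count
"""
C_DRIVE = """\
05 100 100 __5 000000000000 Reallocated Sectors Count
BB _98 _98 __0 000000000002 Reported Uncorrectable Errors
BC 100 100 __0 000508670000 Command Timeout
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
"""

if __name__ == "__main__":
    for label, report in (("C:", C_DRIVE), ("D:", D_DRIVE)):
        attrs = parse_smart_table(report)
        print(f"{label} {verdict(attrs)}")
        for finding in triage(attrs):
            print("   ", finding)
```

Running it prints REPLACE for D: with five findings (936 reallocated and 456 pending/uncorrectable sectors) and WATCH for C:, whose only nonzero counters are two reported uncorrectable errors and command timeouts.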

#9
RobJames

RobJames

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Okay, thanks for your help. Is there any way to get rid of these excessive spam emails? Casinos, Viagra, Ukrainian Women etc.?? I'll replace the D: drive. Thanks for your help once again.

 

Rob,


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

What do you use for email?  I use gmail and their spam filter is pretty good.


  • 0

#11
RobJames

RobJames

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Well, mine is an Outlook account, Hotmail to be specific. And its filters are next to useless.


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

If you get a gmail account you can tell gmail to read your hotmail account.  Pretty sure its filters will be applied.


  • 0
