View Full Version : Windows 7 advising to use basic graphic settings.
Hi
This is my first post in the forum and my PC has started to run really slow. I have run Ad-aware anti virus and spy-bot S&D and CCleaner, but the problem is still there, so much so that last Thursday Windows 7 triggered a recommendation to change my graphic settings to the basic settings due to the computer slow running. This problem is a bit beyond my computer savvy and I was advised to seek help from you guys. dds follows-
Thanks in anticipation and kind regards
Hissy1
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18315
Run by Peter at 12:23:28 on 2016-06-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16327.10635 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = C:\Program Files\Internet Explorer\pcspecialist.html
mWinlogon: Userinit = userinit.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: square-enix.com
Trusted Zone: square-enix.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{47DE1C02-8429-442B-A30F-C61E85BAA717} : DHCPNameServer = 192.168.0.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-12-15 672104]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2015-12-15 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-4-22 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2015-12-16 936728]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-5-26 1165368]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-20 28552]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-4-30 154584]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareService.exe [2016-6-10 730496]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-5-26 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-5-26 2522680]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-6-11 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-6-11 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-6-11 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-5-26 426040]
R3 AFXfilt;AFXfilt;C:\Windows\System32\drivers\afxfilt.sys [2015-12-15 25088]
R3 cthdb;Sound Blaster Audio Controller Driver;C:\Windows\System32\drivers\cthdb.sys [2015-12-15 25088]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2015-4-22 383984]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2015-12-15 795120]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-5-26 28216]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-5-26 3634232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-5-26 56384]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-12-15 940760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-5-11 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-2-1 887232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-23 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-8-23 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-12-19 1255736]
.
=============== Created Last 30 ================
.
2016-06-13 09:39:23 11895896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F124CD36-6A3F-401D-AD48-417E9E076E4D}\mpengine.dll
2016-06-13 09:39:11 11895896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-06-11 15:36:27 -------- d-----w- C:\Program Files\CCleaner
2016-06-11 15:12:16 -------- d-----w- C:\Program Files\Common Files\AV
2016-06-11 15:10:37 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2016-06-11 15:10:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2016-06-11 15:10:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-11 15:09:50 -------- d-----w- C:\Users\Peter\AppData\Local\Programs
2016-06-11 08:05:03 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2016-06-10 11:51:09 -------- d-----w- C:\Users\Peter\AppData\Roaming\WinPatrol
2016-06-10 08:46:58 -------- d-----w- C:\Users\Peter\AppData\Roaming\LavasoftStatistics
2016-06-10 08:46:22 -------- d-----w- C:\Program Files\Lavasoft
2016-05-27 17:43:50 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2016-05-26 12:33:13 -------- d-----w- C:\Users\Peter\AppData\Local\NVIDIA Corporation
2016-05-26 12:32:09 1767944 ----a-w- C:\Windows\System32\nvspcap64.dll
2016-05-26 12:32:09 1756608 ----a-w- C:\Windows\System32\nvspbridge64.dll
2016-05-26 12:32:09 1377800 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2016-05-26 12:32:09 1316184 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2016-05-26 12:32:09 112032 ----a-w- C:\Windows\System32\NvRtmpStreamer64.dll
2016-05-26 12:31:45 113208 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2016-05-26 12:31:03 83512 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2016-05-26 12:31:03 531904 ----a-w- C:\Windows\System32\nv3dappshext.dll
2016-05-26 12:19:45 -------- d-----w- C:\Users\Peter\AppData\Local\NVIDIA
2016-05-26 11:32:36 121488 ----a-w- C:\Windows\System32\OpenCL.dll
2016-05-26 11:32:36 113808 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2016-05-26 11:24:37 -------- d-----w- C:\Windows\SysWow64\GWX
2016-05-26 11:24:37 -------- d-----w- C:\Windows\System32\GWX
2016-05-22 08:58:13 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E082D2FA-12BA-45CE-99C0-8C350B1921B3}\gapaengine.dll
.
==================== Find3M ====================
.
2016-05-21 21:10:34 46024 ----a-w- C:\Windows\System32\nvhdap64.dll
2016-05-21 21:10:34 1581624 ----a-w- C:\Windows\System32\nvhdagenco64.dll
2016-05-21 21:10:34 141256 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2016-05-20 02:11:23 6346688 ----a-w- C:\Windows\System32\nvcpl.dll
2016-05-20 02:11:23 2454976 ----a-w- C:\Windows\System32\nvsvc64.dll
2016-05-20 02:11:21 69568 ----a-w- C:\Windows\System32\nvshext.dll
2016-05-20 02:11:21 393784 ----a-w- C:\Windows\System32\nvmctray.dll
2016-05-20 02:11:21 1762752 ----a-w- C:\Windows\System32\nvsvcr.dll
2016-05-20 02:11:21 1352760 ----a-w- C:\Windows\System32\nvvsvc.exe
2016-05-18 23:25:24 6448223 ----a-w- C:\Windows\System32\nvcoproc.bin
2016-04-28 16:20:32 485512 ----a-w- C:\Windows\System32\drivers\Trufos.sys
2016-04-23 05:16:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-04-23 05:16:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-04-23 05:01:23 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-04-23 05:00:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-04-23 05:00:32 417792 ----a-w- C:\Windows\System32\html.iec
2016-04-23 05:00:10 571904 ----a-w- C:\Windows\System32\vbscript.dll
2016-04-23 05:00:01 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-04-23 04:47:35 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-04-23 04:47:34 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-04-23 04:47:20 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-04-23 04:46:47 6052352 ----a-w- C:\Windows\System32\jscript9.dll
2016-04-23 04:40:13 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-04-23 04:29:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-04-23 04:20:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-04-23 04:08:47 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-04-23 04:08:47 497152 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-04-23 04:08:09 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-04-23 04:07:58 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-04-23 04:07:05 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-04-23 04:06:09 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-04-23 04:05:05 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-04-23 03:58:33 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-04-23 03:58:14 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-04-23 03:51:54 2596864 ----a-w- C:\Windows\System32\wininet.dll
2016-04-23 03:45:54 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-04-23 03:36:58 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-04-23 03:30:55 2056192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-04-23 03:30:34 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-04-23 03:12:38 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-04-22 07:57:45 453288 ------w- C:\Windows\System32\MpSigStub.exe
2016-04-14 13:49:13 603648 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2016-04-14 13:21:17 647680 ----a-w- C:\Windows\System32\d3d10level9.dll
2016-04-14 05:38:19 56384 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2016-04-14 05:38:11 113216 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2016-04-14 05:38:09 102976 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2016-04-09 07:02:34 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-04-09 07:01:44 706280 ----a-w- C:\Windows\System32\winload.efi
2016-04-09 07:01:43 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-04-09 07:01:42 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-04-09 07:01:42 154344 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-04-09 07:01:41 986344 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-04-09 07:01:41 264936 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2016-04-09 06:59:48 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-04-09 06:59:48 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-04-09 06:59:27 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-04-09 06:57:59 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-04-09 06:54:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-04-09 05:52:09 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-04-09 05:52:04 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-04-09 05:52:04 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-04-09 05:51:21 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-04-09 05:49:33 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-04-09 05:48:16 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-04-09 05:47:23 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-04-09 05:44:39 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-04-09 05:44:06 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-04-09 05:44:03 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-04-09 05:43:20 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-04-09 05:43:17 112640 ----a-w- C:\Windows\System32\smss.exe
2016-04-09 05:42:19 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-04-09 05:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-04-09 05:38:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-04-09 05:38:24 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-04-09 05:38:24 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-04-09 05:37:37 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-04-09 05:37:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-04-09 05:37:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-09 05:37:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-09 05:37:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-04-09 04:20:04 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2016-04-09 03:52:25 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2016-04-06 15:27:53 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2016-04-04 18:14:06 38120 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-04-04 18:02:17 1169408 ----a-w- C:\Windows\System32\aeinv.dll
2016-04-02 13:08:13 1386496 ----a-w- C:\Windows\System32\appraiser.dll
2016-03-23 14:02:01 215040 ----a-w- C:\Windows\System32\aepic.dll
2016-03-17 22:56:24 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-03-17 22:28:21 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-03-17 18:04:39 698368 ----a-w- C:\Windows\System32\generaltel.dll
2016-03-17 18:04:39 499200 ----a-w- C:\Windows\System32\devinv.dll
2016-03-17 18:04:39 279040 ----a-w- C:\Windows\System32\invagent.dll
2016-03-17 18:04:38 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-03-16 18:50:06 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2016-03-16 18:28:15 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-03-16 18:28:12 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
.
============= FINISH: 12:23:33.82 ===============
Ad-aware anti virus and Microsoft Security Essentials are both antivirus programs.
We need to remove one, your choice of course or, we'll run into problems trying to continue.
Please back up your registry!
Backup the Registry:
Credit: Dakeyras
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)
``````````````````````````````````````````````````````
Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs
Farbar Log
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.
Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
(A simple way to check your system: Start --> Computer (right click) --> Properties
How to determine whether a computer is running a 32-bit version or 64-bit version (http://support.microsoft.com/kb/827218)of the Windows operating system
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked
Do not check
*List BCD
*Drivers MD5
*Shortcut txt
Or your logs will be too long to post.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
Please copy and paste log into your topic.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.
aswMBR Log
Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.
Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.
Double click the aswMBR icon to run it.
If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.
Hi Juliet
Thanks for prompt reply. Ad-aware has been removed from PC and the rest of your instructions followed. All results below. There has been a MBR.dat file placed on my desktop, but I am unable to open. Hope you don't need that file.
Kind Regards
Hissy1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Peter (administrator) on PETER-PC (15-06-2016 12:55:28)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47DE1C02-8429-442B-A30F-C61E85BAA717}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE07&ocid=UE07DHP
SearchScopes: HKLM -> DefaultScope {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000 -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL =
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-19]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-19]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-19]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-19]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-30] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFXfilt; C:\Windows\System32\drivers\AFXfilt.sys [25088 2013-06-04] (Creative Technology Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [25088 2013-07-03] (Creative Technology Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-15 12:55 - 2016-06-15 12:55 - 00011842 _____ C:\Users\Peter\Desktop\FRST.txt
2016-06-15 12:54 - 2016-06-15 12:55 - 00000000 ____D C:\FRST
2016-06-15 12:50 - 2016-06-15 12:49 - 02385920 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2016-06-15 12:49 - 2016-06-15 12:49 - 02385920 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2016-06-15 12:48 - 2016-06-15 12:48 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PETER-PC-Windows-7-Home-Premium-(64-bit).dat
2016-06-15 12:48 - 2016-06-15 12:48 - 00000000 ____D C:\RegBackup
2016-06-15 12:47 - 2016-06-15 12:48 - 00017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-06-15 12:47 - 2016-06-15 12:47 - 00002246 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-06-15 12:47 - 2016-06-15 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-15 12:47 - 2016-06-15 12:47 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-15 12:44 - 2016-06-15 12:44 - 05523840 _____ (Tweaking.com) C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup.exe
2016-06-15 09:33 - 2016-06-06 17:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 09:33 - 2016-06-06 17:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 09:33 - 2016-06-03 14:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 09:33 - 2016-05-24 00:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 09:33 - 2016-05-23 23:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 09:33 - 2016-05-22 14:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 09:33 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 09:33 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 09:33 - 2016-05-20 23:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 09:33 - 2016-05-20 23:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 09:33 - 2016-05-20 23:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 09:33 - 2016-05-20 23:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 09:33 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 09:33 - 2016-05-20 23:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 09:33 - 2016-05-20 23:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 09:33 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 09:33 - 2016-05-20 23:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 09:33 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 09:33 - 2016-05-20 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 09:33 - 2016-05-20 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 09:33 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 09:33 - 2016-05-20 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 09:33 - 2016-05-20 22:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 09:33 - 2016-05-20 22:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 09:33 - 2016-05-20 22:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 09:33 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 09:33 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 09:33 - 2016-05-20 22:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 09:33 - 2016-05-20 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 09:33 - 2016-05-20 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 09:33 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 09:33 - 2016-05-20 22:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 09:33 - 2016-05-20 22:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 09:33 - 2016-05-20 22:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 09:33 - 2016-05-20 22:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 09:33 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 09:33 - 2016-05-20 22:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 09:33 - 2016-05-20 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 09:33 - 2016-05-20 22:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 09:33 - 2016-05-20 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 09:33 - 2016-05-20 22:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 09:33 - 2016-05-20 22:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 09:33 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 09:33 - 2016-05-20 22:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 09:33 - 2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 09:33 - 2016-05-20 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 09:33 - 2016-05-20 22:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 09:33 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 09:33 - 2016-05-20 22:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 09:33 - 2016-05-20 22:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 09:33 - 2016-05-20 22:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 09:33 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 09:33 - 2016-05-20 22:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 09:33 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 09:33 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 09:33 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 09:33 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 09:33 - 2016-05-20 22:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 09:33 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 09:33 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 09:33 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 09:33 - 2016-05-20 22:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 09:33 - 2016-05-20 22:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 09:33 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 09:33 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 09:33 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 09:33 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 09:33 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 09:33 - 2016-05-20 21:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 09:33 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 09:33 - 2016-05-18 17:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 09:33 - 2016-05-18 17:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 09:33 - 2016-05-13 23:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 09:33 - 2016-05-13 22:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 09:33 - 2016-05-13 22:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 09:33 - 2016-05-13 22:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 09:33 - 2016-05-13 22:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 09:33 - 2016-05-13 22:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 09:33 - 2016-05-12 18:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 09:33 - 2016-05-12 18:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 09:33 - 2016-05-12 18:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 09:33 - 2016-05-12 18:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 09:33 - 2016-05-12 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 09:33 - 2016-05-12 16:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 09:33 - 2016-05-12 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 09:33 - 2016-05-12 15:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 09:33 - 2016-05-12 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 09:33 - 2016-05-12 14:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 09:33 - 2016-05-12 14:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 09:33 - 2016-05-12 14:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 09:33 - 2016-05-11 16:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 09:33 - 2016-05-11 16:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 09:33 - 2016-05-11 15:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 09:33 - 2016-04-14 17:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 09:33 - 2016-04-14 17:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 09:33 - 2016-04-14 16:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 09:33 - 2016-04-14 16:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 09:33 - 2016-04-09 07:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 09:33 - 2016-04-09 07:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 09:33 - 2016-04-09 07:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 09:33 - 2016-04-09 07:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 09:33 - 2016-04-09 06:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 09:33 - 2016-04-09 06:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 09:33 - 2016-03-09 20:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 09:33 - 2016-03-09 19:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-14 12:23 - 2016-06-14 12:23 - 00019175 _____ C:\Users\Peter\Desktop\dds.txt
2016-06-14 12:23 - 2016-06-14 12:23 - 00003954 _____ C:\Users\Peter\Desktop\attach.txt
2016-06-11 16:49 - 2016-06-11 16:49 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds (1).scr
2016-06-11 16:36 - 2016-06-11 16:36 - 06893008 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup518.exe
2016-06-11 16:36 - 2016-06-11 16:36 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-11 16:36 - 2016-06-11 16:36 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-11 16:36 - 2016-06-11 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-11 16:36 - 2016-06-11 16:36 - 00000000 ____D C:\Program Files\CCleaner
2016-06-11 16:29 - 2016-06-11 16:29 - 00000422 _____ C:\Users\Peter\Documents\cc_20160611_162924.reg
2016-06-11 16:12 - 2016-06-11 16:12 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-11 16:12 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-11 16:11 - 2016-06-11 16:11 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-06-11 16:10 - 2016-06-11 16:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-11 16:10 - 2016-06-11 16:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-11 16:10 - 2016-06-11 16:10 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-11 16:10 - 2016-06-11 16:10 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-11 16:10 - 2016-06-11 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-11 16:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-06-11 16:09 - 2016-06-11 16:09 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Peter\Downloads\spybot-2.4.exe
2016-06-10 12:58 - 2016-06-10 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Peter\Downloads\HijackThis.exe
2016-06-10 12:51 - 2016-06-10 12:55 - 00000000 ____D C:\Users\Peter\AppData\Roaming\WinPatrol
2016-06-10 12:50 - 2016-06-10 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-06-10 12:49 - 2016-06-10 12:49 - 01292424 _____ (Ruiware) C:\Users\Peter\Downloads\wpsetup.exe
2016-06-10 09:54 - 2016-06-10 09:54 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Lavasoft
2016-06-10 09:46 - 2016-06-10 09:46 - 00000000 ____D C:\Users\Peter\AppData\Roaming\LavasoftStatistics
2016-06-10 09:46 - 2016-06-10 09:46 - 00000000 ____D C:\Program Files\Lavasoft
2016-06-10 09:44 - 2016-06-10 09:44 - 02085168 _____ C:\Users\Peter\Downloads\Adaware_Installer.exe
2016-06-10 09:44 - 2016-06-10 09:44 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-02 12:17 - 2016-06-02 12:17 - 00001030 _____ C:\Users\Peter\Documents\cc_20160602_121726.reg
2016-05-27 18:43 - 2016-05-27 18:43 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-05-26 13:38 - 2016-05-26 13:38 - 00001388 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-05-26 13:33 - 2016-05-26 13:38 - 00000000 ____D C:\Users\Peter\AppData\Local\NVIDIA Corporation
2016-05-26 13:32 - 2016-05-26 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-26 13:32 - 2016-05-02 06:39 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-26 13:32 - 2016-05-02 06:39 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-26 13:32 - 2016-05-02 06:38 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-05-26 13:32 - 2016-05-02 06:38 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-05-26 13:32 - 2016-05-02 06:38 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-05-26 13:31 - 2016-05-20 03:11 - 00531904 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-26 13:31 - 2016-05-20 03:11 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-26 13:31 - 2016-05-20 02:45 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-26 13:30 - 2016-05-26 13:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-26 13:30 - 2016-05-21 22:10 - 01581624 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2016-05-26 13:30 - 2016-05-21 22:10 - 00141256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-05-26 13:30 - 2016-05-21 22:10 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 31600696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 25372096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 21794064 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 21336720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 18138232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 17732936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 17236560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 16693208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 14293592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 13412408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-26 13:30 - 2016-05-20 08:01 - 10642728 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 08733096 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03825384 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03447232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03383448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03001792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00984512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00911416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00770496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00708032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00501384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00476848 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00153232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-26 13:30 - 2016-05-20 08:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-26 13:30 - 2016-04-14 06:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-26 13:30 - 2016-04-14 06:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-26 13:30 - 2016-04-14 06:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-26 13:21 - 2016-05-26 13:26 - 366084144 _____ (NVIDIA Corporation) C:\Users\Peter\Downloads\368.22-desktop-win8-win7-winvista-64bit-international-whql.exe
2016-05-26 13:19 - 2016-05-26 13:38 - 00000000 ____D C:\Users\Peter\AppData\Local\NVIDIA
2016-05-26 12:32 - 2015-11-10 02:52 - 00121488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-26 12:32 - 2015-11-10 02:52 - 00113808 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-26 12:24 - 2016-05-26 12:24 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-05-26 12:24 - 2016-05-26 12:24 - 00000000 ____D C:\Windows\system32\GWX
2016-05-22 12:29 - 2016-05-22 12:29 - 00000168 _____ C:\Users\Peter\Downloads\ATT00001.htm
2016-05-22 12:28 - 2016-05-22 12:29 - 01427487 _____ C:\Users\Peter\Downloads\H16ASTR-2696662.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-15 12:50 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-15 12:50 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-15 12:48 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-15 12:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-06-15 12:42 - 2015-12-19 12:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 12:42 - 2015-12-16 01:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-15 12:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 12:35 - 2015-12-19 13:54 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 12:35 - 2009-07-14 05:45 - 00272016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 11:02 - 2015-12-19 13:33 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 11:01 - 2015-12-19 13:33 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 10:25 - 2015-12-19 12:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-10 12:59 - 2015-12-19 11:20 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2016-06-07 09:26 - 2015-12-19 12:09 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-07 09:26 - 2015-12-19 12:09 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-02 09:38 - 2015-12-21 16:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-26 13:38 - 2015-12-16 01:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-26 13:32 - 2015-12-16 01:49 - 00000000 ____D C:\temp
2016-05-26 13:32 - 2015-12-16 01:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-26 13:32 - 2015-12-16 01:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-20 08:01 - 2015-12-15 17:38 - 19110968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-20 08:01 - 2015-12-15 17:38 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-20 03:11 - 2015-12-16 01:47 - 06346688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 02454976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-20 03:11 - 2015-12-16 01:47 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-19 11:35 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-19 00:25 - 2015-12-16 01:47 - 06448223 _____ C:\Windows\system32\nvcoproc.bin
==================== Files in the root of some directories =======
2016-02-13 18:34 - 2016-02-13 18:35 - 0000000 _____ () C:\Users\Peter\AppData\Local\{39CEE1D4-A35F-457C-A11E-B0524445C792}
2015-12-22 12:27 - 2015-12-22 12:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-16 01:47 - 2015-12-16 01:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-07 09:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Peter (2016-06-15 12:55:41)
Running from C:\Users\Peter\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-19 10:20:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2546382144-2696063910-1601117367-500 - Administrator - Disabled)
Guest (S-1-5-21-2546382144-2696063910-1601117367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2546382144-2696063910-1601117367-1002 - Limited - Enabled)
Peter (S-1-5-21-2546382144-2696063910-1601117367-1000 - Administrator - Enabled) => C:\Users\Peter
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{8D4C9954-7EFA-4BCD-8EA0-E654E7013A40}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.22 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FC07478-0A68-4CED-B62C-08B4BD62B52D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {376F4CB7-F942-4C90-B1D1-55B38192A53E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4CF5C5AF-C1F2-4707-B4B9-89774B049F24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4D684C6C-987F-4638-970B-E934968B821F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {796DF25F-C191-403D-A1DC-10F7405F0A62} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {80C0404A-C742-4812-A8F2-2A1B08F809CD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8B05AC6F-A0CE-4F2A-989C-A9CD1A4EF616} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A65EC786-C86D-424F-B87E-005763E35891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {BB3F2C8B-6741-44CD-BDDD-01B433B83857} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB5EACAC-FB3A-4A8B-8A8E-585295408474} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CD74B3B8-8B48-448E-B6A5-FE91E05FF1A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {CD7C1AC6-193E-46E7-A3E2-8277CC9A7F59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {CD7E2E2A-606E-462A-9F8E-A1F57F369CED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {EB29E76C-80B4-466B-BBBA-67B48D09EFAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {F30BCA9C-7ADB-433A-8BC7-862912CBC111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-16 01:47 - 2016-05-20 03:11 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-16 01:47 - 2014-01-28 04:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-05-26 13:32 - 2016-05-02 06:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-26 13:32 - 2016-05-02 06:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-26 13:32 - 2016-05-02 06:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-26 13:32 - 2016-05-02 06:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-12-16 01:47 - 2016-06-15 12:42 - 00034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-16 01:47 - 2014-01-28 04:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-06-11 16:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-11 16:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-11 16:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-11 16:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-11 16:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-05-26 13:32 - 2016-05-02 07:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-30 01:23 - 2014-04-30 01:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\...\square-enix.com -> hxxps://square-enix.com
IE trusted site: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\...\square-enix.com -> hxxp://square-enix.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D00B400D-DCA5-4E45-8F3A-8EB27205B1B1}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{542E9AD8-5631-426F-9E3D-15CEC039DF52}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{F6D32CBC-E707-469A-A27F-06B530B92DC1}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{5990A8BB-9241-43C0-ADBC-DE1855847381}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{236BD0B2-DCF0-4A7F-A0F4-ADA0A7DCFEE6}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe
FirewallRules: [{EA7DAC72-153B-4D1C-BFF5-BD6608E2818D}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BD6D2838-A964-4DB3-A41B-FD4E3B5F65D4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9BCECC0D-4090-4ED4-BC9C-3DB6D0A8C13A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2E30602A-38D1-4367-AEBE-E77F73DC5BC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C52A9957-A58D-4CF7-852E-4C419C42B7C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{732FB025-4A5F-47B8-98B8-A99CC753CA7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F714D121-6063-4F7E-84CF-7B364F43D9A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9CF6B5B9-6548-48FE-9B25-3CF1DB70AA4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7CD3ED0-98C8-4A51-AEA7-AB5B85B337D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{661D1196-BB9D-4D34-925F-305ACD021C6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
12-06-2016 09:19:21 Windows Update
15-06-2016 10:16:10 Windows Update
15-06-2016 10:58:49 Windows Update
15-06-2016 12:39:09 AA11
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2016 12:42:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2016 12:35:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2016 08:45:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/14/2016 08:49:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 10:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 10:28:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 10:24:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 07:54:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2016 09:08:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/11/2016 09:04:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/14/2016 08:58:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (06/09/2016 09:16:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.223.1127.0).
Error: (06/09/2016 09:16:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.223.1093.0
Update Source: %NT AUTHORITY59
Update Stage: 4.9.0218.00
Source Path: 4.9.0218.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (06/06/2016 05:20:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (06/02/2016 12:44:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.
Error: (06/02/2016 12:43:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (06/02/2016 12:43:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (05/26/2016 03:02:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (05/26/2016 12:25:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.
Error: (05/26/2016 12:25:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 16327.05 MB
Available physical RAM: 11820.17 MB
Total Virtual: 32652.28 MB
Available Virtual: 28033.88 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:105.93 GB) (Free:21.55 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:898.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: BD913B68)
Partition 1: (Active) - (Size=5.9 GB) - (Type=27)
Partition 2: (Not Active) - (Size=105.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7FC67238)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-15 13:14:37
-----------------------------
13:14:37.250 OS Version: Windows x64 6.1.7601 Service Pack 1
13:14:37.250 Number of processors: 8 586 0x3C03
13:14:37.250 ComputerName: PETER-PC UserName: Peter
13:14:37.437 Initialize success
13:14:37.437 VM: initialized successfully
13:14:37.437 VM: Intel CPU BiosDisabled
13:16:51.754 AVAST engine defs: 16061500
13:17:09.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
13:17:09.662 Disk 0 Vendor: KINGSTON SAFM Size: 114473MB BusType: 11
13:17:09.662 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
13:17:09.662 Disk 1 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 11
13:17:09.662 Disk 0 MBR read successfully
13:17:09.662 Disk 0 MBR scan
13:17:09.678 Disk 0 Windows 7 default MBR code
13:17:09.678 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 6000 MB offset 2048
13:17:09.678 Disk 0 Boot: NTFS code=1
13:17:09.694 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 108471 MB offset 12290048
13:17:09.725 Disk 0 scanning C:\Windows\system32\drivers
13:17:13.313 Service scanning
13:17:22.798 Modules scanning
13:17:22.798 Disk 0 trace - called modules:
13:17:22.798 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
13:17:22.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d341790]
13:17:22.798 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800d17aab0]
13:17:22.798 5 iaStorF.sys[fffff88001801f84] -> nt!IofCallDriver -> \Device\00000064[0xfffffa800cc701d0]
13:17:22.985 AVAST engine scan C:\Windows
13:17:23.422 AVAST engine scan C:\Windows\system32
13:18:49.113 AVAST engine scan C:\Windows\system32\drivers
13:18:53.309 AVAST engine scan C:\Users\Peter
13:19:13.901 AVAST engine scan C:\ProgramData
13:19:20.281 Disk 0 statistics 3448795/0/0 @ 77.84 MB/s
13:19:20.281 Scan finished successfully
13:19:27.270 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
13:19:27.286 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000 -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL =
Task: {4CF5C5AF-C1F2-4707-B4B9-89774B049F24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4D684C6C-987F-4638-970B-E934968B821F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {80C0404A-C742-4812-A8F2-2A1B08F809CD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BB3F2C8B-6741-44CD-BDDD-01B433B83857} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB5EACAC-FB3A-4A8B-8A8E-585295408474} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F30BCA9C-7ADB-433A-8BC7-862912CBC111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
End
Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
****************
http://i.imgur.com/BY4dvz9.png AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.
======================================================
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
********
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt
Hi Juliet
Please find following:Fixlog.txt, AdwCleaner [S1], JRT.txt
Kind Regards
Hissy1
Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by Peter (2016-06-15 18:08:52) Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000 -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL =
Task: {4CF5C5AF-C1F2-4707-B4B9-89774B049F24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4D684C6C-987F-4638-970B-E934968B821F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {80C0404A-C742-4812-A8F2-2A1B08F809CD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BB3F2C8B-6741-44CD-BDDD-01B433B83857} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB5EACAC-FB3A-4A8B-8A8E-585295408474} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F30BCA9C-7ADB-433A-8BC7-862912CBC111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{815F01B9-B66F-4471-AF07-A4CF73FA1179}" => key removed successfully
HKCR\CLSID\{815F01B9-B66F-4471-AF07-A4CF73FA1179} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CF5C5AF-C1F2-4707-B4B9-89774B049F24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CF5C5AF-C1F2-4707-B4B9-89774B049F24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D684C6C-987F-4638-970B-E934968B821F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D684C6C-987F-4638-970B-E934968B821F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80C0404A-C742-4812-A8F2-2A1B08F809CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C0404A-C742-4812-A8F2-2A1B08F809CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB3F2C8B-6741-44CD-BDDD-01B433B83857}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB3F2C8B-6741-44CD-BDDD-01B433B83857}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB5EACAC-FB3A-4A8B-8A8E-585295408474}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB5EACAC-FB3A-4A8B-8A8E-585295408474}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F30BCA9C-7ADB-433A-8BC7-862912CBC111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F30BCA9C-7ADB-433A-8BC7-862912CBC111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
EmptyTemp: => 523.1 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 18:08:59 ====
AdwCleaner S1.txt
# AdwCleaner v5.200 - Logfile created 15/06/2016 at 18:10:52
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{815F01B9-B66F-4471-AF07-A4CF73FA1179}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {815F01B9-B66F-4471-AF07-A4CF73FA1179}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{815F01B9-B66F-4471-AF07-A4CF73FA1179}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {815F01B9-B66F-4471-AF07-A4CF73FA1179}
***** [ Web browsers ] *****
[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [1379 bytes] - [15/06/2016 18:10:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1452 bytes] ##########
JRT.txt
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Peter (Administrator) on 15/06/2016 at 20:22:21.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N5R8GYI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6VVV9OB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXDCJQ6Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXOKP1IP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N5R8GYI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6VVV9OB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXDCJQ6Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXOKP1IP (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/06/2016 at 20:23:03.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please run AdwCleaner again, allow it to remove what is found.
~~~~~~~~~~~~~~~~~~~`
Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.
OR from this location Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php)
Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.
Please post these 2 logs when finished.
Can you tell me what the computer is doing now.
Hi Juliet
I have ran Adwcleaner again as instructed. I d/l Malware Anti-Malware setup and installed and ran program. I followed your instructions and exported and copied results to clipboard. I have a couple of question for you. How do I access Windows 7 clipboard to retrieve so I can copy and paste in my reply? and which are the two files you want in reply, Adaware log and Malwarebytes log? Sorry for my confusion.
Kind Regards
Hissy1
Hi Juliet
I think I have managed to get the two logs you wanted although saved in Notepad. Hard to tell yet just how PC is performing:-
Kind Regards
Hissy1
# AdwCleaner v5.200 - Logfile created 16/06/2016 at 09:55:42
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1554 bytes] - [15/06/2016 18:15:03]
C:\AdwCleaner\AdwCleaner[C2].txt - [1288 bytes] - [16/06/2016 07:52:02]
C:\AdwCleaner\AdwCleaner[C3].txt - [992 bytes] - [16/06/2016 09:55:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [1539 bytes] - [15/06/2016 18:10:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [937 bytes] - [15/06/2016 20:11:57]
C:\AdwCleaner\AdwCleaner[S3].txt - [1120 bytes] - [16/06/2016 07:51:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [1267 bytes] - [16/06/2016 09:55:19]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1355 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 16/06/2016
Scan Time: 09:57
Logfile: Scanning History Log.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.16.01
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273539
Time Elapsed: 2 min, 15 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Sorry for the confusion.
What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.
http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://i.imgur.com/KN1w2nv.png and click http://i.imgur.com/SzOC1p0.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.
Hi Juliet
Please find Eset Scan results
Kind Regards
Hissy1
MyEsetScan
C:\Users\Peter\Downloads\ccsetup512.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Peter\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
What was found isn't anything to worry over.
How is your computer now?
Hi Juliet
I haven't been on the PC for a couple of days, however I will try it out over the next few hours. For what little time I have used it, it seems to be a lot better than it was. Is it ok if I post back in say 3/4 hours?
Thank you very much for all your help on the problem I have been getting.
Hissy1
Is it ok if I post back in say 3/4 hours?
Of course.
Hi Juliet
I spent a little more than 3 hrs on PC yesterday. It does seem a lot better than it was. The only thing I noticed is when I booted PC up this am, it seemed to take an age to get into my email program Gmail (buffering). Your thoughts would be much appreciated.
Kind Regards
Hissy1
Different apps could be updating, your antivirus could be scanning out mail folders....
What I think you should do, When you note it has become sluggish, open task manager and look for a exe or tool thats using more then normal CPU,
keep using the computer the same way you normally do and look for pop ups or signs of alert.
If all is well today we'll remove tools used and quarantine folders.
Hi Juliet
Thanks for your reply. I will monitor PC throughout the following day or so and do what you have suggested. I haven,t removed any of the testing programs you asked me to d/l. I will post a further reply later.
Kind Regards
Hissy1
Hi Juliet
I have monitored the performance of PC and it is definitely better than it was. It has not gone sluggish and task manager does not show any cpu high usage showing, nor has there been any pop-ups, so I await your reply for any removals you want me to carry out.
Once again my kind regards
Hissy1
DelFix
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
***************************
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Since this issue appears resolved ... this Topic is closed.