Windows 7 advising to use basic graphic settings.
Hi
This is my first post in the forum and my PC has started to run really slow. I have run Ad-aware anti virus and spy-bot S&D and CCleaner, but the problem is still there, so much so that last Thursday Windows 7 triggered a recommendation to change my graphic settings to the basic settings due to the computer slow running. This problem is a bit beyond my computer savvy and I was advised to seek help from you guys. dds follows-
Thanks in anticipation and kind regards
Hissy1
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18315
Run by Peter at 12:23:28 on 2016-06-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16327.10635 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = C:\Program Files\Internet Explorer\pcspecialist.html
mWinlogon: Userinit = userinit.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: square-enix.com
Trusted Zone: square-enix.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{47DE1C02-8429-442B-A30F-C61E85BAA717} : DHCPNameServer = 192.168.0.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-12-15 672104]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2015-12-15 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-4-22 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2015-12-16 936728]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-5-26 1165368]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-20 28552]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-4-30 154584]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareService.exe [2016-6-10 730496]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-5-26 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-5-26 2522680]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-6-11 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-6-11 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-6-11 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-5-26 426040]
R3 AFXfilt;AFXfilt;C:\Windows\System32\drivers\afxfilt.sys [2015-12-15 25088]
R3 cthdb;Sound Blaster Audio Controller Driver;C:\Windows\System32\drivers\cthdb.sys [2015-12-15 25088]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2015-4-22 383984]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2015-12-15 795120]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-5-26 28216]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-5-26 3634232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-5-26 56384]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-12-15 940760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-5-11 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-2-1 887232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-23 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-8-23 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-12-19 1255736]
.
=============== Created Last 30 ================
.
2016-06-13 09:39:23 11895896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F124CD36-6A3F-401D-AD48-417E9E076E4D}\mpengine.dll
2016-06-13 09:39:11 11895896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-06-11 15:36:27 -------- d-----w- C:\Program Files\CCleaner
2016-06-11 15:12:16 -------- d-----w- C:\Program Files\Common Files\AV
2016-06-11 15:10:37 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2016-06-11 15:10:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2016-06-11 15:10:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-11 15:09:50 -------- d-----w- C:\Users\Peter\AppData\Local\Programs
2016-06-11 08:05:03 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2016-06-10 11:51:09 -------- d-----w- C:\Users\Peter\AppData\Roaming\WinPatrol
2016-06-10 08:46:58 -------- d-----w- C:\Users\Peter\AppData\Roaming\LavasoftStatistics
2016-06-10 08:46:22 -------- d-----w- C:\Program Files\Lavasoft
2016-05-27 17:43:50 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2016-05-26 12:33:13 -------- d-----w- C:\Users\Peter\AppData\Local\NVIDIA Corporation
2016-05-26 12:32:09 1767944 ----a-w- C:\Windows\System32\nvspcap64.dll
2016-05-26 12:32:09 1756608 ----a-w- C:\Windows\System32\nvspbridge64.dll
2016-05-26 12:32:09 1377800 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2016-05-26 12:32:09 1316184 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2016-05-26 12:32:09 112032 ----a-w- C:\Windows\System32\NvRtmpStreamer64.dll
2016-05-26 12:31:45 113208 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2016-05-26 12:31:03 83512 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2016-05-26 12:31:03 531904 ----a-w- C:\Windows\System32\nv3dappshext.dll
2016-05-26 12:19:45 -------- d-----w- C:\Users\Peter\AppData\Local\NVIDIA
2016-05-26 11:32:36 121488 ----a-w- C:\Windows\System32\OpenCL.dll
2016-05-26 11:32:36 113808 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2016-05-26 11:24:37 -------- d-----w- C:\Windows\SysWow64\GWX
2016-05-26 11:24:37 -------- d-----w- C:\Windows\System32\GWX
2016-05-22 08:58:13 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E082D2FA-12BA-45CE-99C0-8C350B1921B3}\gapaengine.dll
.
==================== Find3M ====================
.
2016-05-21 21:10:34 46024 ----a-w- C:\Windows\System32\nvhdap64.dll
2016-05-21 21:10:34 1581624 ----a-w- C:\Windows\System32\nvhdagenco64.dll
2016-05-21 21:10:34 141256 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2016-05-20 02:11:23 6346688 ----a-w- C:\Windows\System32\nvcpl.dll
2016-05-20 02:11:23 2454976 ----a-w- C:\Windows\System32\nvsvc64.dll
2016-05-20 02:11:21 69568 ----a-w- C:\Windows\System32\nvshext.dll
2016-05-20 02:11:21 393784 ----a-w- C:\Windows\System32\nvmctray.dll
2016-05-20 02:11:21 1762752 ----a-w- C:\Windows\System32\nvsvcr.dll
2016-05-20 02:11:21 1352760 ----a-w- C:\Windows\System32\nvvsvc.exe
2016-05-18 23:25:24 6448223 ----a-w- C:\Windows\System32\nvcoproc.bin
2016-04-28 16:20:32 485512 ----a-w- C:\Windows\System32\drivers\Trufos.sys
2016-04-23 05:16:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-04-23 05:16:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-04-23 05:01:23 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-04-23 05:00:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-04-23 05:00:32 417792 ----a-w- C:\Windows\System32\html.iec
2016-04-23 05:00:10 571904 ----a-w- C:\Windows\System32\vbscript.dll
2016-04-23 05:00:01 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-04-23 04:47:35 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-04-23 04:47:34 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-04-23 04:47:20 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-04-23 04:46:47 6052352 ----a-w- C:\Windows\System32\jscript9.dll
2016-04-23 04:40:13 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-04-23 04:29:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-04-23 04:20:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-04-23 04:08:47 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-04-23 04:08:47 497152 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-04-23 04:08:09 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-04-23 04:07:58 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-04-23 04:07:05 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-04-23 04:06:09 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-04-23 04:05:05 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-04-23 03:58:33 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-04-23 03:58:14 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-04-23 03:51:54 2596864 ----a-w- C:\Windows\System32\wininet.dll
2016-04-23 03:45:54 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-04-23 03:36:58 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-04-23 03:30:55 2056192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-04-23 03:30:34 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-04-23 03:12:38 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-04-22 07:57:45 453288 ------w- C:\Windows\System32\MpSigStub.exe
2016-04-14 13:49:13 603648 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2016-04-14 13:21:17 647680 ----a-w- C:\Windows\System32\d3d10level9.dll
2016-04-14 05:38:19 56384 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2016-04-14 05:38:11 113216 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2016-04-14 05:38:09 102976 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2016-04-09 07:02:34 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-04-09 07:01:44 706280 ----a-w- C:\Windows\System32\winload.efi
2016-04-09 07:01:43 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-04-09 07:01:42 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-04-09 07:01:42 154344 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-04-09 07:01:41 986344 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-04-09 07:01:41 264936 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2016-04-09 06:59:48 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-04-09 06:59:48 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-04-09 06:59:27 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-04-09 06:57:59 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-04-09 06:54:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-04-09 05:52:09 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-04-09 05:52:04 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-04-09 05:52:04 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-04-09 05:51:21 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-04-09 05:49:33 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-04-09 05:48:16 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-04-09 05:47:23 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-04-09 05:44:39 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-04-09 05:44:06 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-04-09 05:44:03 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-04-09 05:43:20 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-04-09 05:43:17 112640 ----a-w- C:\Windows\System32\smss.exe
2016-04-09 05:42:19 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-04-09 05:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-04-09 05:38:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-04-09 05:38:24 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-04-09 05:38:24 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-04-09 05:37:37 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-04-09 05:37:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-04-09 05:37:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-09 05:37:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-09 05:37:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-04-09 04:20:04 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2016-04-09 03:52:25 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2016-04-06 15:27:53 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2016-04-04 18:14:06 38120 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-04-04 18:02:17 1169408 ----a-w- C:\Windows\System32\aeinv.dll
2016-04-02 13:08:13 1386496 ----a-w- C:\Windows\System32\appraiser.dll
2016-03-23 14:02:01 215040 ----a-w- C:\Windows\System32\aepic.dll
2016-03-17 22:56:24 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-03-17 22:28:21 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-03-17 18:04:39 698368 ----a-w- C:\Windows\System32\generaltel.dll
2016-03-17 18:04:39 499200 ----a-w- C:\Windows\System32\devinv.dll
2016-03-17 18:04:39 279040 ----a-w- C:\Windows\System32\invagent.dll
2016-03-17 18:04:38 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-03-16 18:50:06 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2016-03-16 18:28:15 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-03-16 18:28:12 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
.
============= FINISH: 12:23:33.82 ===============
Windows 7 advising to use basic graphic settings.
Hi Juliet
Thanks for prompt reply. Ad-aware has been removed from PC and the rest of your instructions followed. All results below. There has been a MBR.dat file placed on my desktop, but I am unable to open. Hope you don't need that file.
Kind Regards
Hissy1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by Peter (administrator) on PETER-PC (15-06-2016 12:55:28)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47DE1C02-8429-442B-A30F-C61E85BAA717}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE07&ocid=UE07DHP
SearchScopes: HKLM -> DefaultScope {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000 -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL =
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-19]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-19]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-19]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-19]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-30] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFXfilt; C:\Windows\System32\drivers\AFXfilt.sys [25088 2013-06-04] (Creative Technology Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [25088 2013-07-03] (Creative Technology Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-15 12:55 - 2016-06-15 12:55 - 00011842 _____ C:\Users\Peter\Desktop\FRST.txt
2016-06-15 12:54 - 2016-06-15 12:55 - 00000000 ____D C:\FRST
2016-06-15 12:50 - 2016-06-15 12:49 - 02385920 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2016-06-15 12:49 - 2016-06-15 12:49 - 02385920 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2016-06-15 12:48 - 2016-06-15 12:48 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PETER-PC-Windows-7-Home-Premium-(64-bit).dat
2016-06-15 12:48 - 2016-06-15 12:48 - 00000000 ____D C:\RegBackup
2016-06-15 12:47 - 2016-06-15 12:48 - 00017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-06-15 12:47 - 2016-06-15 12:47 - 00002246 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-06-15 12:47 - 2016-06-15 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-15 12:47 - 2016-06-15 12:47 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-15 12:44 - 2016-06-15 12:44 - 05523840 _____ (Tweaking.com) C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup.exe
2016-06-15 09:33 - 2016-06-06 17:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 09:33 - 2016-06-06 17:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 09:33 - 2016-06-03 14:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 09:33 - 2016-05-27 14:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 09:33 - 2016-05-24 00:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 09:33 - 2016-05-23 23:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 09:33 - 2016-05-22 14:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 09:33 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 09:33 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 09:33 - 2016-05-20 23:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 09:33 - 2016-05-20 23:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 09:33 - 2016-05-20 23:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 09:33 - 2016-05-20 23:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 09:33 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 09:33 - 2016-05-20 23:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 09:33 - 2016-05-20 23:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 09:33 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 09:33 - 2016-05-20 23:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 09:33 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 09:33 - 2016-05-20 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 09:33 - 2016-05-20 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 09:33 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 09:33 - 2016-05-20 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 09:33 - 2016-05-20 22:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 09:33 - 2016-05-20 22:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 09:33 - 2016-05-20 22:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 09:33 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 09:33 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 09:33 - 2016-05-20 22:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 09:33 - 2016-05-20 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 09:33 - 2016-05-20 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 09:33 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 09:33 - 2016-05-20 22:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 09:33 - 2016-05-20 22:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 09:33 - 2016-05-20 22:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 09:33 - 2016-05-20 22:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 09:33 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 09:33 - 2016-05-20 22:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 09:33 - 2016-05-20 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 09:33 - 2016-05-20 22:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 09:33 - 2016-05-20 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 09:33 - 2016-05-20 22:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 09:33 - 2016-05-20 22:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 09:33 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 09:33 - 2016-05-20 22:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 09:33 - 2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 09:33 - 2016-05-20 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 09:33 - 2016-05-20 22:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 09:33 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 09:33 - 2016-05-20 22:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 09:33 - 2016-05-20 22:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 09:33 - 2016-05-20 22:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 09:33 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 09:33 - 2016-05-20 22:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 09:33 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 09:33 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 09:33 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 09:33 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 09:33 - 2016-05-20 22:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 09:33 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 09:33 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 09:33 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 09:33 - 2016-05-20 22:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 09:33 - 2016-05-20 22:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 09:33 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 09:33 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 09:33 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 09:33 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 09:33 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 09:33 - 2016-05-20 21:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 09:33 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 09:33 - 2016-05-18 17:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 09:33 - 2016-05-18 17:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 09:33 - 2016-05-13 23:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 09:33 - 2016-05-13 23:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 09:33 - 2016-05-13 22:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 09:33 - 2016-05-13 22:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 09:33 - 2016-05-13 22:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 09:33 - 2016-05-13 22:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 09:33 - 2016-05-13 22:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 09:33 - 2016-05-12 18:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 09:33 - 2016-05-12 18:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 09:33 - 2016-05-12 18:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 09:33 - 2016-05-12 18:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 09:33 - 2016-05-12 18:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 09:33 - 2016-05-12 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 09:33 - 2016-05-12 16:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 09:33 - 2016-05-12 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 09:33 - 2016-05-12 16:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 09:33 - 2016-05-12 15:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 09:33 - 2016-05-12 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 09:33 - 2016-05-12 15:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 09:33 - 2016-05-12 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 09:33 - 2016-05-12 14:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 09:33 - 2016-05-12 14:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 09:33 - 2016-05-12 14:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 09:33 - 2016-05-11 18:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 09:33 - 2016-05-11 16:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 09:33 - 2016-05-11 16:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 09:33 - 2016-05-11 16:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 09:33 - 2016-05-11 15:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 09:33 - 2016-04-14 17:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 09:33 - 2016-04-14 17:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 09:33 - 2016-04-14 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 09:33 - 2016-04-14 16:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 09:33 - 2016-04-14 16:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 09:33 - 2016-04-14 16:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 09:33 - 2016-04-09 07:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 09:33 - 2016-04-09 07:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 09:33 - 2016-04-09 07:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 09:33 - 2016-04-09 07:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 09:33 - 2016-04-09 06:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 09:33 - 2016-04-09 06:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 09:33 - 2016-03-09 20:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 09:33 - 2016-03-09 19:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-14 12:23 - 2016-06-14 12:23 - 00019175 _____ C:\Users\Peter\Desktop\dds.txt
2016-06-14 12:23 - 2016-06-14 12:23 - 00003954 _____ C:\Users\Peter\Desktop\attach.txt
2016-06-11 16:49 - 2016-06-11 16:49 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds (1).scr
2016-06-11 16:36 - 2016-06-11 16:36 - 06893008 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup518.exe
2016-06-11 16:36 - 2016-06-11 16:36 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-11 16:36 - 2016-06-11 16:36 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-11 16:36 - 2016-06-11 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-11 16:36 - 2016-06-11 16:36 - 00000000 ____D C:\Program Files\CCleaner
2016-06-11 16:29 - 2016-06-11 16:29 - 00000422 _____ C:\Users\Peter\Documents\cc_20160611_162924.reg
2016-06-11 16:12 - 2016-06-11 16:12 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-11 16:12 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-11 16:11 - 2016-06-11 16:11 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-06-11 16:10 - 2016-06-11 16:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-11 16:10 - 2016-06-11 16:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-11 16:10 - 2016-06-11 16:10 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-11 16:10 - 2016-06-11 16:10 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-11 16:10 - 2016-06-11 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-11 16:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-06-11 16:09 - 2016-06-11 16:09 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Peter\Downloads\spybot-2.4.exe
2016-06-10 12:58 - 2016-06-10 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Peter\Downloads\HijackThis.exe
2016-06-10 12:51 - 2016-06-10 12:55 - 00000000 ____D C:\Users\Peter\AppData\Roaming\WinPatrol
2016-06-10 12:50 - 2016-06-10 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-06-10 12:49 - 2016-06-10 12:49 - 01292424 _____ (Ruiware) C:\Users\Peter\Downloads\wpsetup.exe
2016-06-10 09:54 - 2016-06-10 09:54 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Lavasoft
2016-06-10 09:46 - 2016-06-10 09:46 - 00000000 ____D C:\Users\Peter\AppData\Roaming\LavasoftStatistics
2016-06-10 09:46 - 2016-06-10 09:46 - 00000000 ____D C:\Program Files\Lavasoft
2016-06-10 09:44 - 2016-06-10 09:44 - 02085168 _____ C:\Users\Peter\Downloads\Adaware_Installer.exe
2016-06-10 09:44 - 2016-06-10 09:44 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-02 12:17 - 2016-06-02 12:17 - 00001030 _____ C:\Users\Peter\Documents\cc_20160602_121726.reg
2016-05-27 18:43 - 2016-05-27 18:43 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-05-26 13:38 - 2016-05-26 13:38 - 00001388 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-05-26 13:33 - 2016-05-26 13:38 - 00000000 ____D C:\Users\Peter\AppData\Local\NVIDIA Corporation
2016-05-26 13:32 - 2016-05-26 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-26 13:32 - 2016-05-02 06:39 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-26 13:32 - 2016-05-02 06:39 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-26 13:32 - 2016-05-02 06:38 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-05-26 13:32 - 2016-05-02 06:38 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-05-26 13:32 - 2016-05-02 06:38 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-05-26 13:31 - 2016-05-20 03:11 - 00531904 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-26 13:31 - 2016-05-20 03:11 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-26 13:31 - 2016-05-20 02:45 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-26 13:30 - 2016-05-26 13:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-26 13:30 - 2016-05-21 22:10 - 01581624 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2016-05-26 13:30 - 2016-05-21 22:10 - 00141256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-05-26 13:30 - 2016-05-21 22:10 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 31600696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 25372096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 21794064 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 21336720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 18138232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 17732936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 17236560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 16693208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 14293592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 13412408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-26 13:30 - 2016-05-20 08:01 - 10642728 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 08733096 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03825384 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03447232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03383448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 03001792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00984512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00911416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00770496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00708032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00501384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00476848 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00153232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-26 13:30 - 2016-05-20 08:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-26 13:30 - 2016-05-20 08:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-26 13:30 - 2016-04-14 06:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-26 13:30 - 2016-04-14 06:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-26 13:30 - 2016-04-14 06:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-26 13:21 - 2016-05-26 13:26 - 366084144 _____ (NVIDIA Corporation) C:\Users\Peter\Downloads\368.22-desktop-win8-win7-winvista-64bit-international-whql.exe
2016-05-26 13:19 - 2016-05-26 13:38 - 00000000 ____D C:\Users\Peter\AppData\Local\NVIDIA
2016-05-26 12:32 - 2015-11-10 02:52 - 00121488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-26 12:32 - 2015-11-10 02:52 - 00113808 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-26 12:24 - 2016-05-26 12:24 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-05-26 12:24 - 2016-05-26 12:24 - 00000000 ____D C:\Windows\system32\GWX
2016-05-22 12:29 - 2016-05-22 12:29 - 00000168 _____ C:\Users\Peter\Downloads\ATT00001.htm
2016-05-22 12:28 - 2016-05-22 12:29 - 01427487 _____ C:\Users\Peter\Downloads\H16ASTR-2696662.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-15 12:50 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-15 12:50 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-15 12:48 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-15 12:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-06-15 12:42 - 2015-12-19 12:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 12:42 - 2015-12-16 01:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-15 12:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 12:35 - 2015-12-19 13:54 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 12:35 - 2009-07-14 05:45 - 00272016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 11:02 - 2015-12-19 13:33 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 11:01 - 2015-12-19 13:33 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 10:25 - 2015-12-19 12:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-10 12:59 - 2015-12-19 11:20 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2016-06-07 09:26 - 2015-12-19 12:09 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-07 09:26 - 2015-12-19 12:09 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-02 09:38 - 2015-12-21 16:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-26 13:38 - 2015-12-16 01:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-26 13:32 - 2015-12-16 01:49 - 00000000 ____D C:\temp
2016-05-26 13:32 - 2015-12-16 01:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-26 13:32 - 2015-12-16 01:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-20 08:01 - 2015-12-15 17:38 - 19110968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-20 08:01 - 2015-12-15 17:38 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-20 03:11 - 2015-12-16 01:47 - 06346688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 02454976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-20 03:11 - 2015-12-16 01:47 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-20 03:11 - 2015-12-16 01:47 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-19 11:35 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-19 00:25 - 2015-12-16 01:47 - 06448223 _____ C:\Windows\system32\nvcoproc.bin
==================== Files in the root of some directories =======
2016-02-13 18:34 - 2016-02-13 18:35 - 0000000 _____ () C:\Users\Peter\AppData\Local\{39CEE1D4-A35F-457C-A11E-B0524445C792}
2015-12-22 12:27 - 2015-12-22 12:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-16 01:47 - 2015-12-16 01:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-07 09:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Peter (2016-06-15 12:55:41)
Running from C:\Users\Peter\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-19 10:20:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2546382144-2696063910-1601117367-500 - Administrator - Disabled)
Guest (S-1-5-21-2546382144-2696063910-1601117367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2546382144-2696063910-1601117367-1002 - Limited - Enabled)
Peter (S-1-5-21-2546382144-2696063910-1601117367-1000 - Administrator - Enabled) => C:\Users\Peter
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{8D4C9954-7EFA-4BCD-8EA0-E654E7013A40}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.22 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FC07478-0A68-4CED-B62C-08B4BD62B52D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {376F4CB7-F942-4C90-B1D1-55B38192A53E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4CF5C5AF-C1F2-4707-B4B9-89774B049F24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4D684C6C-987F-4638-970B-E934968B821F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {796DF25F-C191-403D-A1DC-10F7405F0A62} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {80C0404A-C742-4812-A8F2-2A1B08F809CD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8B05AC6F-A0CE-4F2A-989C-A9CD1A4EF616} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A65EC786-C86D-424F-B87E-005763E35891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {BB3F2C8B-6741-44CD-BDDD-01B433B83857} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB5EACAC-FB3A-4A8B-8A8E-585295408474} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CD74B3B8-8B48-448E-B6A5-FE91E05FF1A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {CD7C1AC6-193E-46E7-A3E2-8277CC9A7F59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {CD7E2E2A-606E-462A-9F8E-A1F57F369CED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {EB29E76C-80B4-466B-BBBA-67B48D09EFAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {F30BCA9C-7ADB-433A-8BC7-862912CBC111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-16 01:47 - 2016-05-20 03:11 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-16 01:47 - 2014-01-28 04:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-05-26 13:32 - 2016-05-02 06:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-26 13:32 - 2016-05-02 06:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-26 13:32 - 2016-05-02 06:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-26 13:32 - 2016-05-02 06:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-26 13:32 - 2016-05-02 06:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-12-16 01:47 - 2016-06-15 12:42 - 00034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-16 01:47 - 2014-01-28 04:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-06-11 16:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-11 16:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-11 16:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-11 16:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-11 16:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-05-26 13:32 - 2016-05-02 07:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-30 01:23 - 2014-04-30 01:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\...\square-enix.com -> hxxps://square-enix.com
IE trusted site: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\...\square-enix.com -> hxxp://square-enix.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D00B400D-DCA5-4E45-8F3A-8EB27205B1B1}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{542E9AD8-5631-426F-9E3D-15CEC039DF52}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{F6D32CBC-E707-469A-A27F-06B530B92DC1}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{5990A8BB-9241-43C0-ADBC-DE1855847381}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{236BD0B2-DCF0-4A7F-A0F4-ADA0A7DCFEE6}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe
FirewallRules: [{EA7DAC72-153B-4D1C-BFF5-BD6608E2818D}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BD6D2838-A964-4DB3-A41B-FD4E3B5F65D4}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9BCECC0D-4090-4ED4-BC9C-3DB6D0A8C13A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2E30602A-38D1-4367-AEBE-E77F73DC5BC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C52A9957-A58D-4CF7-852E-4C419C42B7C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{732FB025-4A5F-47B8-98B8-A99CC753CA7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F714D121-6063-4F7E-84CF-7B364F43D9A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9CF6B5B9-6548-48FE-9B25-3CF1DB70AA4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7CD3ED0-98C8-4A51-AEA7-AB5B85B337D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{661D1196-BB9D-4D34-925F-305ACD021C6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
12-06-2016 09:19:21 Windows Update
15-06-2016 10:16:10 Windows Update
15-06-2016 10:58:49 Windows Update
15-06-2016 12:39:09 AA11
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2016 12:42:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2016 12:35:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2016 08:45:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/14/2016 08:49:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 10:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 10:28:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 10:24:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2016 07:54:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2016 09:08:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/11/2016 09:04:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/14/2016 08:58:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (06/09/2016 09:16:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.223.1127.0).
Error: (06/09/2016 09:16:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.223.1093.0
Update Source: %NT AUTHORITY59
Update Stage: 4.9.0218.00
Source Path: 4.9.0218.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (06/06/2016 05:20:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (06/02/2016 12:44:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.
Error: (06/02/2016 12:43:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (06/02/2016 12:43:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (05/26/2016 03:02:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (05/26/2016 12:25:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.
Error: (05/26/2016 12:25:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 16327.05 MB
Available physical RAM: 11820.17 MB
Total Virtual: 32652.28 MB
Available Virtual: 28033.88 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:105.93 GB) (Free:21.55 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:898.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: BD913B68)
Partition 1: (Active) - (Size=5.9 GB) - (Type=27)
Partition 2: (Not Active) - (Size=105.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7FC67238)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-15 13:14:37
-----------------------------
13:14:37.250 OS Version: Windows x64 6.1.7601 Service Pack 1
13:14:37.250 Number of processors: 8 586 0x3C03
13:14:37.250 ComputerName: PETER-PC UserName: Peter
13:14:37.437 Initialize success
13:14:37.437 VM: initialized successfully
13:14:37.437 VM: Intel CPU BiosDisabled
13:16:51.754 AVAST engine defs: 16061500
13:17:09.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
13:17:09.662 Disk 0 Vendor: KINGSTON SAFM Size: 114473MB BusType: 11
13:17:09.662 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
13:17:09.662 Disk 1 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 11
13:17:09.662 Disk 0 MBR read successfully
13:17:09.662 Disk 0 MBR scan
13:17:09.678 Disk 0 Windows 7 default MBR code
13:17:09.678 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 6000 MB offset 2048
13:17:09.678 Disk 0 Boot: NTFS code=1
13:17:09.694 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 108471 MB offset 12290048
13:17:09.725 Disk 0 scanning C:\Windows\system32\drivers
13:17:13.313 Service scanning
13:17:22.798 Modules scanning
13:17:22.798 Disk 0 trace - called modules:
13:17:22.798 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
13:17:22.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d341790]
13:17:22.798 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800d17aab0]
13:17:22.798 5 iaStorF.sys[fffff88001801f84] -> nt!IofCallDriver -> \Device\00000064[0xfffffa800cc701d0]
13:17:22.985 AVAST engine scan C:\Windows
13:17:23.422 AVAST engine scan C:\Windows\system32
13:18:49.113 AVAST engine scan C:\Windows\system32\drivers
13:18:53.309 AVAST engine scan C:\Users\Peter
13:19:13.901 AVAST engine scan C:\ProgramData
13:19:20.281 Disk 0 statistics 3448795/0/0 @ 77.84 MB/s
13:19:20.281 Scan finished successfully
13:19:27.270 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
13:19:27.286 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"
Windows 7 advising to use basic graphic settings.
Hi Juliet
Please find following:Fixlog.txt, AdwCleaner [S1], JRT.txt
Kind Regards
Hissy1
Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by Peter (2016-06-15 18:08:52) Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2546382144-2696063910-1601117367-1000 -> {815F01B9-B66F-4471-AF07-A4CF73FA1179} URL =
Task: {4CF5C5AF-C1F2-4707-B4B9-89774B049F24} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4D684C6C-987F-4638-970B-E934968B821F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {80C0404A-C742-4812-A8F2-2A1B08F809CD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BB3F2C8B-6741-44CD-BDDD-01B433B83857} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB5EACAC-FB3A-4A8B-8A8E-585295408474} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F30BCA9C-7ADB-433A-8BC7-862912CBC111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{815F01B9-B66F-4471-AF07-A4CF73FA1179}" => key removed successfully
HKCR\CLSID\{815F01B9-B66F-4471-AF07-A4CF73FA1179} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CF5C5AF-C1F2-4707-B4B9-89774B049F24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CF5C5AF-C1F2-4707-B4B9-89774B049F24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D684C6C-987F-4638-970B-E934968B821F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D684C6C-987F-4638-970B-E934968B821F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61935A66-4C3C-4B1E-830D-E0BE2FB3CEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80C0404A-C742-4812-A8F2-2A1B08F809CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C0404A-C742-4812-A8F2-2A1B08F809CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB3F2C8B-6741-44CD-BDDD-01B433B83857}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB3F2C8B-6741-44CD-BDDD-01B433B83857}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB5EACAC-FB3A-4A8B-8A8E-585295408474}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB5EACAC-FB3A-4A8B-8A8E-585295408474}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F30BCA9C-7ADB-433A-8BC7-862912CBC111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F30BCA9C-7ADB-433A-8BC7-862912CBC111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82AAE9A-10B9-41B7-A5EB-DD08E10E4B2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
EmptyTemp: => 523.1 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 18:08:59 ====
AdwCleaner S1.txt
# AdwCleaner v5.200 - Logfile created 15/06/2016 at 18:10:52
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKU\S-1-5-21-2546382144-2696063910-1601117367-1000\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{815F01B9-B66F-4471-AF07-A4CF73FA1179}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {815F01B9-B66F-4471-AF07-A4CF73FA1179}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{815F01B9-B66F-4471-AF07-A4CF73FA1179}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {815F01B9-B66F-4471-AF07-A4CF73FA1179}
***** [ Web browsers ] *****
[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [1379 bytes] - [15/06/2016 18:10:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1452 bytes] ##########
JRT.txt
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Peter (Administrator) on 15/06/2016 at 20:22:21.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N5R8GYI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6VVV9OB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXDCJQ6Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXOKP1IP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N5R8GYI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6VVV9OB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXDCJQ6Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXOKP1IP (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/06/2016 at 20:23:03.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Windows 7 advising to use basic graphic settings.
Hi Juliet
I have ran Adwcleaner again as instructed. I d/l Malware Anti-Malware setup and installed and ran program. I followed your instructions and exported and copied results to clipboard. I have a couple of question for you. How do I access Windows 7 clipboard to retrieve so I can copy and paste in my reply? and which are the two files you want in reply, Adaware log and Malwarebytes log? Sorry for my confusion.
Kind Regards
Hissy1
Windows 7 advising to use basic graphic settings.
Hi Juliet
I think I have managed to get the two logs you wanted although saved in Notepad. Hard to tell yet just how PC is performing:-
Kind Regards
Hissy1
# AdwCleaner v5.200 - Logfile created 16/06/2016 at 09:55:42
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-15.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1554 bytes] - [15/06/2016 18:15:03]
C:\AdwCleaner\AdwCleaner[C2].txt - [1288 bytes] - [16/06/2016 07:52:02]
C:\AdwCleaner\AdwCleaner[C3].txt - [992 bytes] - [16/06/2016 09:55:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [1539 bytes] - [15/06/2016 18:10:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [937 bytes] - [15/06/2016 20:11:57]
C:\AdwCleaner\AdwCleaner[S3].txt - [1120 bytes] - [16/06/2016 07:51:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [1267 bytes] - [16/06/2016 09:55:19]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1355 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 16/06/2016
Scan Time: 09:57
Logfile: Scanning History Log.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.16.01
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273539
Time Elapsed: 2 min, 15 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Windows 7 advising to use basic graphic settings.
Hi Juliet
Please find Eset Scan results
Kind Regards
Hissy1
MyEsetScan
C:\Users\Peter\Downloads\ccsetup512.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Peter\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application