
Slow CPU and Chrome is hijacked



Malwarebytes is not resolving the issue (like it has in the past). Here are my logs. I uninstalled Chrome for the meantime. The computer is running slow altogether; when not in safe mode, CPU is 50 to 100.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Sherry (18-03-2017 08:47:26)
Running from C:\Users\Sherry\Downloads
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) (2013-09-17 18:31:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-721660632-1228938937-4001266050-500 - Administrator - Disabled)
Guest (S-1-5-21-721660632-1228938937-4001266050-501 - Limited - Disabled)
Sherry (S-1-5-21-721660632-1228938937-4001266050-1000 - Administrator - Enabled) => C:\Users\Sherry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe Reader 9.5.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
AVS Video Editor 7.1 (HKLM\...\AVS Video Editor_is1) (Version: 7.1.4.264 - Online Media Technologies Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Chromium (HKU\.DEFAULT\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dolphin (HKLM\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
FL Studio 9 (HKLM\...\FL Studio 9) (Version:  - Image-Line)
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Gpg4win (2.3.2) (HKLM\...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
Hardcore (HKLM\...\Hardcore) (Version:  - Image-Line)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MP3 To WAV Decoder version 1.0 r2 (HKLM\...\{05B3E767-B182-4279-A35A-A56810C77CFD}_is1) (Version: 1.0 r2 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version:  - )
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 1.0.0.2 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{71807498-D8E2-41C6-84CD-8ED7A076B6EC}) (Version: 1.0.0.1 - NVIDIA Corporation)
Pdfedit (HKLM\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5491 - Analog Devices)
Spotify (HKU\S-1-5-21-721660632-1228938937-4001266050-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
StrongVPN Client (HKLM\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.6.1 - Strong Technology, LLC)
Tixati (HKLM\...\tixati) (Version:  - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
VidCoder 1.5.34 (x86) (HKLM\...\VidCoder_is1) (Version: 1.5.34 - RandomEngy)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-721660632-1228938937-4001266050-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CAB7B68-718C-40E0-B83B-89DDF7007DC8} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {4CCCD541-E3F2-4A03-9597-59A7C2BB06BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk

==================== Loaded Modules (Whitelisted) ==============

2016-07-05 06:50 - 2016-07-05 06:50 - 00216576 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2016-07-05 06:38 - 2016-07-05 06:38 - 00222720 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2016-07-05 06:32 - 2016-07-05 06:32 - 00103424 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2016-07-05 06:27 - 2016-07-05 06:27 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2016-07-05 06:38 - 2016-07-05 06:38 - 00073728 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2016-07-05 06:41 - 2016-07-05 06:41 - 00750592 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-20.dll
2008-12-11 07:08 - 2008-12-11 07:08 - 03575808 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2009-01-18 16:50 - 2009-01-18 16:50 - 00417792 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\adobexmp.dll
2007-11-16 17:02 - 2007-11-16 17:02 - 00401408 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
2007-11-16 17:02 - 2007-11-16 17:02 - 00479232 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Sherry\Desktop\01-Lyte-Who_The_censored_is_Lyte.mp3:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-11-14 02:19 - 00000795 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-721660632-1228938937-4001266050-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sherry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{BC4AE8CA-AA84-4DEA-820B-C74BD8716170}] => (Allow) LPort=80
FirewallRules: [{9FC0ED89-9E56-4C4B-9E89-5E8E3F32C37E}] => (Allow) LPort=80
FirewallRules: [{5AFEDC6C-0116-414B-9C09-B69D20BC979F}] => (Allow) LPort=80
FirewallRules: [{31B320F5-09DE-4E19-B4E0-B5DE8EA04C22}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{4C93172B-742D-44C4-8AA9-13A1F79F8BAE}C:\users\sherry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sherry\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C32A760E-2875-4AF1-BBAB-E75EF6C39630}C:\users\sherry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sherry\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6B0E83F3-A88B-4CE8-996C-0479B2CAFFE5}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{1F615E46-C766-4486-BF18-47520E9FC3B0}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{9232BA41-0D0E-48B5-A7BD-A6D481196D36}C:\users\sherry\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sherry\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3F01B2DB-828C-482A-8C13-F72340D60B99}C:\users\sherry\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sherry\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{50A86734-0ADF-41E3-BF9C-E030879624BA}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{D974A020-BFE4-420E-AB63-27DA757D1084}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{E50747FC-893D-4E28-B135-6CECEEA2EFBC}] => (Allow) C:\Users\Sherry\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

06-03-2017 03:44:56 Scheduled Checkpoint
07-03-2017 01:03:13 Scheduled Checkpoint
07-03-2017 03:09:13 Windows Update
09-03-2017 18:33:47 Scheduled Checkpoint
10-03-2017 04:59:58 Windows Update
11-03-2017 02:59:46 Scheduled Checkpoint
11-03-2017 20:53:19 Scheduled Checkpoint
12-03-2017 21:46:54 Scheduled Checkpoint
13-03-2017 13:41:27 Scheduled Checkpoint
14-03-2017 02:12:28 Scheduled Checkpoint
14-03-2017 02:22:22 Windows Update
14-03-2017 14:23:39 Scheduled Checkpoint
18-03-2017 02:15:42 Windows Update
18-03-2017 06:26:25 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2017 07:49:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/18/2017 07:49:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Dolphin\Dolphin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 07:18:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/18/2017 07:18:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Dolphin\Dolphin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 07:01:02 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/18/2017 07:01:01 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (03/18/2017 06:36:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Dolphin\Dolphin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 06:36:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Dolphin\Dolphin.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/18/2017 06:33:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SHERRY\DESKTOP\MBAR\LANGUAGES\ENGLISH.LNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (03/18/2017 07:47:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (03/18/2017 06:31:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/18/2017 06:31:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/18/2017 06:31:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Performance Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/18/2017 06:31:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DirMngr service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/18/2017 06:31:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/18/2017 06:31:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/18/2017 06:31:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/18/2017 05:08:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (03/13/2017 03:00:15 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

The semaphore timeout period has expired.


CodeIntegrity:
===================================
  Date: 2017-03-18 08:16:54.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 08:16:54.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 08:16:54.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 08:16:53.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 08:16:53.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 08:16:52.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 07:48:47.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 07:18:03.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 06:35:38.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-18 06:01:41.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 45%
Total physical RAM: 3324.71 MB
Available physical RAM: 1796.83 MB
Total Virtual: 6890.42 MB
Available Virtual: 5309.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:23.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 83678367)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=148.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Sherry (administrator) on SHERRY-PC (18-03-2017 08:47:06)
Running from C:\Users\Sherry\Downloads
Loaded Profiles: Sherry (Available Profiles: Sherry)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Sherry\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.)
HKU\S-1-5-21-721660632-1228938937-4001266050-1000\...\Run: [Spotify Web Helper] => C:\Users\Sherry\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-721660632-1228938937-4001266050-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-721660632-1228938937-4001266050-1000\...\Run: [Spotify] => C:\Users\Sherry\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-721660632-1228938937-4001266050-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7348440 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-721660632-1228938937-4001266050-1000\...\MountPoints2: {127e57a3-1fe0-11e3-a043-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{12C2B74A-1492-4C27-BF9E-B45B99CE4124}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6BC71AA0-542B-4FF6-BEA5-C7D8A1A5C4FE}: [NameServer] 199.127.248.21 199.127.248.22
Tcpip\..\Interfaces\{B16FDDBA-70F9-4548-B441-BA521E1AF8FE}: [DhcpNameServer] 68.68.32.123 207.204.224.10

Internet Explorer:
==================
HKU\S-1-5-21-721660632-1228938937-4001266050-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-721660632-1228938937-4001266050-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-18] [not signed]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [3575808 2008-12-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [31128 2016-03-09] (The OpenVPN Project)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-18 08:47 - 2017-03-18 08:47 - 00007645 _____ C:\Users\Sherry\Downloads\FRST.txt
2017-03-18 08:47 - 2017-03-18 08:47 - 00000000 ____D C:\FRST
2017-03-18 07:48 - 2017-03-18 07:48 - 00000022 _____ C:\Windows\S.dirmngr
2017-03-18 07:46 - 2017-03-18 07:46 - 00000000 _____ C:\Users\Sherry\defogger_reenable
2017-03-18 07:44 - 2017-03-18 07:44 - 00050477 _____ C:\Users\Sherry\Desktop\Defogger.exe
2017-03-18 07:12 - 2017-03-18 07:12 - 00057890 _____ C:\Users\Sherry\Documents\cc_20170318_071219.reg
2017-03-18 07:01 - 2017-03-18 07:01 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-18 07:01 - 2017-03-18 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-18 07:01 - 2017-03-18 07:01 - 00000000 ____D C:\Program Files\CCleaner
2017-03-18 06:59 - 2017-03-18 07:01 - 09274608 _____ (Piriform Ltd) C:\Users\Sherry\Downloads\ccsetup528.exe
2017-03-18 06:56 - 2017-03-18 06:56 - 00000000 ____D C:\ProgramData\WindowsSearch
2017-03-18 06:29 - 2017-03-18 06:33 - 00000000 ____D C:\AdwCleaner
2017-03-18 06:28 - 2017-03-18 06:28 - 00003647 _____ C:\Users\Sherry\Desktop\JRT.txt
2017-03-18 06:17 - 2017-03-18 06:26 - 01663904 _____ (Malwarebytes) C:\Users\Sherry\Downloads\JRT.exe
2017-03-18 06:16 - 2017-03-18 06:29 - 04031440 _____ C:\Users\Sherry\Downloads\AdwCleaner.exe
2017-03-18 06:14 - 2017-03-18 06:14 - 01766912 _____ (Farbar) C:\Users\Sherry\Downloads\FRST.exe
2017-03-18 06:12 - 2017-03-18 06:12 - 48459472 _____ (Microsoft Corporation) C:\Users\Sherry\Downloads\Windows-KB890830-V5.46.exe
2017-03-18 05:28 - 2017-03-18 06:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-18 05:26 - 2017-03-18 08:16 - 00000000 ____D C:\Users\Sherry\Desktop\mbar
2017-03-18 05:25 - 2017-03-18 05:25 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sherry\Desktop\mbar-1.09.3.1001.exe
2017-03-16 14:03 - 2017-03-16 14:03 - 00001674 _____ C:\Users\Public\Desktop\Microsoft Reader.lnk
2017-03-16 14:03 - 2017-03-16 14:03 - 00000655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reader.lnk
2017-03-16 14:03 - 2017-03-16 14:03 - 00000000 ____D C:\Program Files\Microsoft Reader
2017-03-16 14:03 - 2003-06-05 17:15 - 00057436 _____ (Microsoft Corporation) C:\Windows\DASShp.dll
2017-03-16 14:00 - 2017-03-16 14:00 - 03759800 _____ (Microsoft Corporation) C:\Users\Sherry\Downloads\MSReaderSetupUSA.exe
2017-03-16 13:57 - 2017-03-16 13:57 - 00000000 ____D C:\Users\Sherry\Downloads\tomdobebook
2017-03-16 13:56 - 2017-03-16 13:57 - 00950325 _____ C:\Users\Sherry\Downloads\tomdobebook.rar
2017-03-02 20:00 - 2017-03-02 20:00 - 00000104 _____ C:\Users\Sherry\Desktop\Internet - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-18 08:16 - 2014-10-24 01:29 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-18 07:55 - 2014-08-18 13:17 - 00000000 ____D C:\Users\Sherry\AppData\Roaming\Spotify
2017-03-18 07:55 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2017-03-18 07:55 - 2006-11-02 06:33 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-18 07:50 - 2014-10-24 01:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-18 07:50 - 2014-08-18 13:18 - 00000000 ____D C:\Users\Sherry\AppData\Local\Spotify
2017-03-18 07:48 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-18 07:48 - 2006-11-02 08:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-18 07:48 - 2006-11-02 08:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-18 07:47 - 2006-11-02 09:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-18 07:46 - 2013-09-17 14:35 - 00000000 ____D C:\Users\Sherry
2017-03-18 07:05 - 2015-01-20 22:24 - 00000000 ____D C:\Windows\Minidump
2017-03-18 07:05 - 2013-09-17 18:28 - 00000000 ____D C:\Windows\Panther
2017-03-18 06:37 - 2006-11-02 06:24 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-03-18 06:11 - 2016-05-13 18:07 - 00000000 ____D C:\Users\Sherry\AppData\LocalLow\Adblock Plus for IE
2017-03-18 05:37 - 2013-10-07 18:40 - 00000000 ____D C:\Program Files\Google
2017-03-18 05:08 - 2013-10-07 18:39 - 00000000 ____D C:\Users\Sherry\AppData\Local\Google
2017-03-18 04:51 - 2014-10-24 01:29 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-03-18 04:51 - 2014-10-24 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-03-18 04:51 - 2014-10-24 01:29 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-03-18 00:58 - 2016-05-13 09:53 - 00000000 ____D C:\Users\Sherry\AppData\Roaming\.strongvpn
2017-03-17 00:26 - 2015-12-13 17:18 - 00000000 ____D C:\Users\Sherry\AppData\Roaming\gnupg
2017-03-16 16:28 - 2006-11-02 08:47 - 00240256 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-16 15:51 - 2013-09-17 14:36 - 00051672 _____ C:\Users\Sherry\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-16 14:03 - 2013-09-17 16:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-03-16 14:03 - 2006-11-02 07:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-16 14:00 - 2013-09-17 15:36 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-03-01 22:41 - 2014-10-23 12:12 - 00000000 ____D C:\Users\Sherry\AppData\Roaming\tixati
2017-03-01 22:40 - 2014-11-21 14:27 - 00040448 _____ C:\Users\Sherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-01 22:27 - 2015-04-02 10:58 - 00000000 ____D C:\Users\Sherry\Desktop\str8jaket
2017-03-01 22:26 - 2014-11-18 04:03 - 00000000 ____D C:\Users\Sherry\AppData\Roaming\vlc
2017-02-28 16:25 - 2015-07-12 21:04 - 00000000 ____D C:\Super Nintendo
2017-02-23 04:04 - 2013-09-18 09:47 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2013-09-17 14:35 - 2013-10-07 18:21 - 0001356 _____ () C:\Users\Sherry\AppData\Local\d3d9caps.dat
2014-11-21 14:27 - 2017-03-01 22:40 - 0040448 _____ () C:\Users\Sherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-08 19:52 - 2014-04-08 19:52 - 1278256 _____ (SC Labs) C:\Users\Sherry\AppData\Local\lLivelooknet.exe
2014-04-08 19:53 - 2014-04-08 19:53 - 0114688 _____ () C:\Users\Sherry\AppData\Local\wperfenhancer.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-18 07:58

==================== End of FRST.txt ============================

 

Edited by BobBarker