Solved Unknown virus

max kragen

Hi. I don't know much about this stuff but I do know something is wrong. The three screenshots provided will give you an example of what is currently happening on my computer. The highlighted items in red are embedded on these pages and others and after running multiple malware and antivirus programs, the problem remains. Yes, I am guilty of running torrent sessions with utorrent but have now uninstalled and will never do it again. Thank you for any and all help.
 

Attachments

  • sample1.jpg
  • sample2.jpg
  • sample3.jpg

My Computer

Computer type: PC/Desktop
Computer Manufacturer/Model Number: HP
OS: Win7 x64
CPU: Intel Core 2 Duo E8400 @ 3ghz Wolfdale 45nm Technology
Motherboard: Hewlett-Packard 3647h (XU1 PROCESSOR)
Memory: 6.00GB Dual-Channel DDR3 @ 532MHz (7-7-7-20)
Graphics Card(s): DX-32L221A12 (1360x768@60Hz) 2048MB ATI AMD Radeon R9 360 (M
Hard Drives:
  WDC WD1600YS-18SHB2 ATA Device
  Manufacturer Western Digital
  Heads 16
  Cylinders 19,452
  Tracks 4,960,260
  Sectors 312,496,380
  SATA type SATA-II 3.0Gb/s
  Device type Fixed
  ATA Standard ATA/ATAPI-7
  Serial Number WD-WCAP03381609
  Firmware
Antivirus: Malwarebytes, Spywareblaster, Hitman Pro, Super AntiSpyware
Browser: Chrome

So what is it that you are concerned about?
 

My Computer

Computer type: PC/Desktop
Computer Manufacturer/Model Number: Dell
OS: Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
CPU: Haswell
Memory: 4 GB
Monitor(s) Displays: Acer 23"
Screen Resolution: 1920 x 1080
Hard Drives: Two hard drives, 1TB each: One for Linux, one for my data.
Keyboard: IBM Model M
Antivirus: Sophos (Linux), Trend Micro (Windows)
Browser: Firefox, Opera
Other Info: I use Samba to share my data drive with the other computers at my house and with my guest session in VMWare Workstation Player.

Please download and save FRST 64bit or FRST 32 bit to your Desktop.

http://download.bleepingcomputer.com/farbar/FRST.exe

http://download.bleepingcomputer.com/farbar/FRST64.exe

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste the log back.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
 

My Computer

Computer type: PC/Desktop
OS: win 8 32 bit

sumeri, don't mean to sound rude because I do appreciate you trying to help, but that program pulled a lot of personal info to be posting to a public board. Is there another way?
 

It's the top test to find viruses and is used by most groups.
 

I'm ok now, I replaced personal info with 'x'. Sorry for the delay, here it is but I have to do it in two posts because it is too long.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2017
Ran by Owner (administrator) on xxxxxx-PC (27-07-2017 18:37:32)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Twins & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\GWX_control_panel.exe [4559944 2016-02-11] (UltimateOutsider)
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\MountPoints2: {ae9ca562-1bc8-11e7-80ef-f4ce462c004a} - E:\LG_PC_Programs.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-217011151-2072011241-3863041349-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76
Tcpip\..\Interfaces\{503FDFFA-D982-4EFB-B7A2-850941419CBC}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.accuweather.com/en/us/xxxxxxxxxxxxxxxxxxxx/weather-forecast/328763
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-25] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-25] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-18] (Wondershare)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ginger\Mozilla\[email protected]
FF Extension: (Ginger) - C:\Program Files (x86)\Ginger\Mozilla\[email protected] [2017-07-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]_xpi
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]_xpi [2017-07-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-12] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-07-02] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-217011151-2072011241-3863041349-1001: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2016-12-22] (Ginger Software)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.accuweather.com/en/us/xxxxxxxxxxxxxxxxxxxx/weather-forecast/328763"
CHR NewTab: Default -> Not-active:"chrome-extension://bemcnncgpajfnogocmhahokbmkecgdlb/redirect.html", Not-active:"chrome-extension://kellhjpbhbklbappamhkdibfdookjaki/index.html", Not-active:"chrome-extension://miocdidnaandmhoncmppenehgcaiachi/newtab/newtab.html"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-07-27]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-08]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-08]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-08]
CHR Extension: (NewtabTV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bemcnncgpajfnogocmhahokbmkecgdlb [2017-07-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (ICE Quick Stream) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-05-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Spotflux Lite) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcakbkpmlidimpglgiaclbpgbedlmpfl [2017-07-23]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-08]
CHR Extension: (Full Screen Weather) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-06-09]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb [2016-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Default) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kellhjpbhbklbappamhkdibfdookjaki [2017-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-09]
CHR Extension: (Dawn) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgepljiacclppkjddmfbhappionalhij [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-217011151-2072011241-3863041349-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-03-20] ()
S2 GingerUpdateService; C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [527872 2016-12-22] (Ginger Software) [File not signed]
S2 Intel(R) PROSet Monitoring Service; C:\windows\system32\IProsetMonitor.exe [505856 2017-02-10] (Intel Corporation) [File not signed]
S3 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2016-06-15] (Arainia Solutions LLC)
S3 MxEFLF; C:\windows\system32\drivers\MxEFLF64.sys [116224 2011-08-16] (Matrox Graphics Inc.)
S3 MxEFUF; C:\windows\system32\drivers\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-12-18] () [File not signed]
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 t_mouse.sys; C:\windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

If you post the second file, Addition, please.
 

Sorry, I did post it but for some reason it did not get added. Something about a mod must approve it before posting...anyway;

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-27 18:37 - 2017-07-27 18:38 - 00015263 _____ C:\Users\Owner\Downloads\FRST.txt
2017-07-27 18:37 - 2017-07-27 18:37 - 00000000 ____D C:\FRST
2017-07-27 18:36 - 2017-07-27 18:37 - 02381824 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-07-27 12:05 - 2017-07-27 12:05 - 00065312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-27 11:55 - 2017-07-27 11:55 - 06299336 _____ (Piriform Ltd) C:\Users\Owner\Downloads\spsetup131.exe
2017-07-27 11:43 - 2017-07-27 11:43 - 00294112 _____ C:\windows\system32\FNTCACHE.DAT
2017-07-27 11:40 - 2017-07-27 11:40 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2017-07-27 11:35 - 2017-07-27 11:40 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-27 11:35 - 2017-07-27 11:35 - 11584088 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe
2017-07-27 11:18 - 2017-07-27 11:18 - 00000000 ____D C:\SUPERDelete
2017-07-27 11:08 - 2017-07-27 14:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-27 11:07 - 2017-07-27 11:07 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-07-27 11:05 - 2017-07-27 11:05 - 04291320 _____ (BrightFort LLC ) C:\Users\Owner\Downloads\spywareblastersetup55.exe
2017-07-27 11:04 - 2017-07-27 11:07 - 00000000 ____D C:\ProgramData\TEMP
2017-07-27 11:04 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2017-07-27 10:37 - 2017-07-27 10:37 - 00030022 _____ C:\ProgramData\agent.uninstall.1501169816.bdinstall.bin
2017-07-27 09:53 - 2017-07-27 09:53 - 00029967 _____ C:\ProgramData\agent.update.1501167220.bdinstall.bin
2017-07-27 09:45 - 2017-07-27 09:45 - 00046848 _____ C:\ProgramData\agent.1501166741.bdinstall.bin
2017-07-26 23:44 - 2017-07-26 23:51 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2017-07-26 23:44 - 2017-07-26 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-26 23:44 - 2017-07-26 23:44 - 00000000 ____D C:\Program Files\CCleaner
2017-07-26 23:43 - 2017-07-26 23:43 - 00237056 _____ (Fix-KB) C:\Users\Owner\Downloads\DriveTidy.exe
2017-07-26 23:42 - 2017-07-26 23:42 - 09747512 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup532.exe
2017-07-26 23:23 - 2017-07-26 23:23 - 00000000 ____D C:\ProgramData\Bitdefender
2017-07-26 23:22 - 2017-07-26 23:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2017-07-26 23:21 - 2017-07-26 23:21 - 00046647 _____ C:\ProgramData\agent.1501129300.bdinstall.bin
2017-07-26 23:21 - 2017-07-26 23:21 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-26 23:18 - 2017-07-26 23:18 - 64025992 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mb3-setup-1879.1879-3.1.2.1733-1.0.139-1.0.2060.exe
2017-07-26 23:17 - 2017-07-26 23:17 - 08465984 _____ C:\Users\Owner\Downloads\bitdefender_online.exe
2017-07-26 22:45 - 2017-07-27 01:22 - 00000000 ____D C:\Users\Owner\AppData\Local\llssoft
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\zyr1m3bxyfu
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\bkp1zkncaay
2017-07-26 22:44 - 2017-07-26 22:44 - 00140800 _____ C:\Users\Owner\AppData\Local\installer.dat
2017-07-26 22:44 - 2017-07-26 22:44 - 00011568 _____ C:\Users\Owner\AppData\Local\InstallationConfiguration.xml
2017-07-26 22:39 - 2017-07-27 01:22 - 00000000 ____D C:\Users\Owner\AppData\Local\bxgdvj
2017-07-26 22:39 - 2017-07-26 22:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\c
2017-07-25 20:07 - 2017-07-25 20:06 - 00110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2017-07-23 17:27 - 2017-07-27 11:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2017-07-23 16:49 - 2017-07-26 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TunnelBear
2017-07-23 16:49 - 2017-07-23 16:49 - 00000000 ____D C:\Users\Owner\AppData\Local\IsolatedStorage
2017-07-23 00:27 - 2015-02-27 14:38 - 00721263 _____ () C:\windows\SysWOW64\ISCM64.dll
2017-07-23 00:27 - 2015-02-27 14:38 - 00214528 _____ () C:\windows\SysWOW64\ISCM32.dll
2017-07-23 00:25 - 2016-08-22 16:31 - 00204800 _____ C:\ProgramData\WS_Log.dll
2017-07-23 00:11 - 2017-07-23 00:11 - 00000000 ____D C:\ProgramData\iSkysoft Video Converter Ultimate
2017-07-23 00:10 - 2017-07-27 01:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\iSkysoft iMedia Converter Deluxe
2017-07-23 00:10 - 2017-07-23 00:10 - 00000000 ____D C:\Users\Owner\Documents\iSkysoft iMedia Converter Deluxe
2017-07-23 00:10 - 2017-07-23 00:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2017-07-23 00:09 - 2017-07-27 01:40 - 00000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2017-07-23 00:09 - 2017-07-23 09:10 - 00000000 ____D C:\Program Files (x86)\iSkysoft
2017-07-23 00:09 - 2017-07-23 00:10 - 00000000 ____D C:\ProgramData\iSkysoft
2017-07-23 00:09 - 2017-07-23 00:09 - 00000000 ____D C:\Users\Owner\AppData\Local\iSkysoft
2017-07-23 00:09 - 2017-07-23 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2017-07-22 23:34 - 2017-07-22 23:34 - 52545957 ____R C:\Users\Owner\Downloads\iSkysoft iMedia Converter Deluxe v8.8.0.1 Setup + Crack.zip
2017-07-22 22:58 - 2017-07-22 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\VideoEditor
2017-07-22 22:58 - 2017-07-22 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Movavi
2017-07-22 22:57 - 2017-07-22 22:57 - 00005094 _____ C:\ProgramData\czchsjpj.srw
2017-07-22 22:57 - 2017-07-22 22:57 - 00000016 _____ C:\ProgramData\mntemp
2017-07-22 22:57 - 2017-07-22 22:57 - 00000000 ____D C:\ProgramData\Movavi Video Editor 12
2017-07-21 16:13 - 2017-07-21 16:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PDAppFlex
2017-07-21 13:23 - 2017-07-27 00:11 - 00000000 ____D C:\Program Files (x86)\Ginger
2017-07-21 13:23 - 2017-07-21 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ginger
2017-07-20 21:27 - 2017-07-20 21:27 - 00153789 _____ C:\Users\Owner\Downloads\resume-xxxxxxxxxxxxx.pdf
2017-07-20 21:22 - 2017-07-20 21:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SolidDocuments
2017-07-20 21:22 - 2017-07-20 21:22 - 00000000 ____D C:\ProgramData\SolidDocuments
2017-07-20 20:52 - 2017-07-20 20:52 - 00000040 ____H C:\71DCE2716838
2017-07-20 20:52 - 2017-07-20 20:52 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-07-20 20:51 - 2017-07-20 20:51 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-07-20 20:51 - 2017-07-20 20:51 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-07-12 17:22 - 2017-06-29 01:27 - 25734656 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-07-12 17:22 - 2017-06-29 00:44 - 05975552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-07-12 17:22 - 2017-06-29 00:23 - 20270592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-07-12 17:22 - 2017-06-28 23:58 - 15253504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-07-12 17:22 - 2017-06-28 23:43 - 13663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-07-12 17:21 - 2017-06-29 23:15 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-07-12 17:21 - 2017-06-29 22:32 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-07-12 17:21 - 2017-06-29 21:57 - 02058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-07-12 17:21 - 2017-06-29 21:38 - 01363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll
2017-07-12 17:21 - 2017-06-29 01:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-07-12 17:21 - 2017-06-29 01:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-07-12 17:21 - 2017-06-29 01:04 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-07-12 17:21 - 2017-06-29 01:03 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-07-12 17:21 - 2017-06-29 01:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-07-12 17:21 - 2017-06-29 01:02 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-07-12 17:21 - 2017-06-29 01:02 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-07-12 17:21 - 2017-06-29 01:02 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-07-12 17:21 - 2017-06-29 00:55 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-07-12 17:21 - 2017-06-29 00:54 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-07-12 17:21 - 2017-06-29 00:51 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-07-12 17:21 - 2017-06-29 00:50 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-07-12 17:21 - 2017-06-29 00:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-07-12 17:21 - 2017-06-29 00:50 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-07-12 17:21 - 2017-06-29 00:50 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-07-12 17:21 - 2017-06-29 00:43 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-07-12 17:21 - 2017-06-29 00:39 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-07-12 17:21 - 2017-06-29 00:35 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-07-12 17:21 - 2017-06-29 00:31 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-07-12 17:21 - 2017-06-29 00:31 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 17:21 - 2017-06-29 00:30 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-07-12 17:21 - 2017-06-29 00:27 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-07-12 17:21 - 2017-06-29 00:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-07-12 17:21 - 2017-06-29 00:22 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-07-12 17:21 - 2017-06-29 00:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-07-12 17:21 - 2017-06-29 00:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-07-12 17:21 - 2017-06-29 00:19 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-07-12 17:21 - 2017-06-29 00:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-07-12 17:21 - 2017-06-29 00:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-07-12 17:21 - 2017-06-29 00:14 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-07-12 17:21 - 2017-06-29 00:13 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-07-12 17:21 - 2017-06-29 00:13 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-07-12 17:21 - 2017-06-29 00:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-07-12 17:21 - 2017-06-29 00:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-07-12 17:21 - 2017-06-29 00:09 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-07-12 17:21 - 2017-06-29 00:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-07-12 17:21 - 2017-06-29 00:08 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-07-12 17:21 - 2017-06-29 00:07 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-07-12 17:21 - 2017-06-29 00:05 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-07-12 17:21 - 2017-06-29 00:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 17:21 - 2017-06-29 00:00 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-07-12 17:21 - 2017-06-29 00:00 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-07-12 17:21 - 2017-06-28 23:58 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-07-12 17:21 - 2017-06-28 23:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-07-12 17:21 - 2017-06-28 23:56 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-07-12 17:21 - 2017-06-28 23:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-07-12 17:21 - 2017-06-28 23:53 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-07-12 17:21 - 2017-06-28 23:52 - 04549632 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-07-12 17:21 - 2017-06-28 23:48 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-07-12 17:21 - 2017-06-28 23:47 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-07-12 17:21 - 2017-06-28 23:46 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-07-12 17:21 - 2017-06-28 23:46 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-07-12 17:21 - 2017-06-28 23:41 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-07-12 17:21 - 2017-06-28 23:29 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-07-12 17:21 - 2017-06-28 23:28 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-07-12 17:21 - 2017-06-28 23:24 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-07-12 17:21 - 2017-06-28 23:23 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-07-12 17:21 - 2017-06-22 09:58 - 03223040 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-07-12 17:21 - 2017-06-15 15:23 - 00753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-12 17:21 - 2017-06-12 17:54 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2017-07-12 17:21 - 2017-06-12 17:54 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-07-12 17:21 - 2017-06-12 17:54 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-07-12 17:21 - 2017-06-12 17:49 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 01363456 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00594432 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2017-07-12 17:21 - 2017-06-12 17:49 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\pdhui.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 01227264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00444928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-12 17:21 - 2017-06-12 17:29 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdhui.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-07-12 17:21 - 2017-06-12 17:19 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-07-12 17:21 - 2017-06-12 17:14 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-12 17:21 - 2017-06-12 17:14 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\perfmon.exe
2017-07-12 17:21 - 2017-06-12 17:14 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\resmon.exe
2017-07-12 17:21 - 2017-06-12 17:12 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-07-12 17:21 - 2017-06-12 17:12 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-07-12 17:21 - 2017-06-12 17:12 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-07-12 17:21 - 2017-06-12 17:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-07-12 17:21 - 2017-06-12 17:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-07-12 17:21 - 2017-06-12 17:06 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-12 17:21 - 2017-06-12 17:06 - 00157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\perfmon.exe
2017-07-12 17:21 - 2017-06-12 17:06 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\resmon.exe
2017-07-12 17:21 - 2017-06-12 17:05 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-07-12 17:21 - 2017-06-10 10:59 - 00313856 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-12 17:21 - 2017-06-10 10:39 - 00271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-12 17:21 - 2017-06-09 10:33 - 01680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-12 17:21 - 2017-06-06 10:30 - 01867264 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-12 17:21 - 2017-06-06 10:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-12 17:21 - 2017-05-29 23:56 - 01895656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2017-07-12 17:21 - 2017-05-29 23:56 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-12 17:21 - 2017-05-29 23:56 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 17:21 - 2017-05-20 23:24 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-07-12 17:21 - 2017-05-20 23:06 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-07-12 17:21 - 2017-05-16 10:35 - 00986856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-07-12 17:21 - 2017-05-16 10:35 - 00265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2017-07-12 17:21 - 2017-05-16 10:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
 

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-27 18:26 - 2016-06-12 17:45 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-27 16:02 - 2016-06-17 01:45 - 00000000 ____D C:\Users\Owner\AppData\Local\DayZ
2017-07-27 14:32 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2017-07-27 11:54 - 2009-07-13 23:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-27 11:54 - 2009-07-13 23:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-27 11:49 - 2009-07-14 00:13 - 00752568 _____ C:\windows\system32\PerfStringBackup.INI
2017-07-27 11:43 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-27 11:42 - 2016-06-09 11:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Wise Disk Cleaner
2017-07-27 11:42 - 2016-06-08 13:40 - 00065536 _____ C:\windows\system32\spu_storage.bin
2017-07-27 10:36 - 2017-04-08 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Opera Software
2017-07-27 10:36 - 2017-04-08 23:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Opera Software
2017-07-27 10:36 - 2016-06-08 12:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2017-07-27 02:01 - 2017-05-31 18:06 - 00000000 ____D C:\Users\Twins
2017-07-27 02:01 - 2016-06-13 14:50 - 00000000 ____D C:\windows\Minidump
2017-07-27 02:01 - 2016-06-08 10:12 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-27 02:01 - 2016-06-08 10:10 - 00000000 ____D C:\Users\Administrator
2017-07-27 02:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2017-07-27 00:11 - 2017-03-11 22:19 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-07-27 00:11 - 2017-03-09 12:32 - 00000000 ____D C:\ProgramData\IntelDLM
2017-07-27 00:11 - 2017-02-05 19:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
2017-07-27 00:11 - 2017-02-05 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
2017-07-27 00:11 - 2016-06-12 15:40 - 00000000 ____D C:\Users\Owner\.VirtualBox
2017-07-27 00:11 - 2016-06-12 15:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Bluestacks
2017-07-27 00:11 - 2016-06-08 13:28 - 00000000 ____D C:\AMD
2017-07-27 00:11 - 2016-06-08 12:54 - 00000000 ____D C:\Users\Owner
2017-07-27 00:11 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\Msdtc
2017-07-26 23:11 - 2016-09-24 19:32 - 00000000 ___RD C:\Users\Owner\Downloads\PopcornTime
2017-07-26 21:57 - 2016-07-02 23:59 - 00000019 _____ C:\END
2017-07-26 21:50 - 2016-06-08 13:30 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-26 21:47 - 2016-09-01 03:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-07-25 20:07 - 2016-06-08 10:14 - 00000000 ____D C:\ProgramData\Oracle
2017-07-25 20:07 - 2016-06-08 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-25 20:07 - 2016-06-08 10:14 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-25 20:06 - 2016-06-08 10:19 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-07-25 20:06 - 2016-06-08 10:18 - 00000000 ____D C:\Program Files\Java
2017-07-25 20:05 - 2016-06-08 10:14 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-22 18:02 - 2016-04-12 17:02 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-07-21 15:59 - 2016-10-11 13:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2017-07-21 15:56 - 2016-06-09 10:46 - 00000000 ____D C:\Program Files (x86)\Wise
2017-07-21 15:54 - 2016-12-18 19:10 - 00002904 _____ C:\windows\System32\Tasks\{32359A6E-A4B7-4B2C-AD54-4F9B1308A9FD}
2017-07-21 15:54 - 2016-12-18 19:07 - 00003036 _____ C:\windows\System32\Tasks\{4DF36FA8-4EF7-40E7-9609-CFBC9148B473}
2017-07-21 13:23 - 2016-06-08 13:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-20 20:55 - 2016-06-08 12:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2017-07-20 20:54 - 2016-04-12 17:02 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-20 20:54 - 2016-04-12 17:01 - 00000000 ____D C:\ProgramData\Adobe
2017-07-20 20:49 - 2016-04-12 17:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-16 12:48 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2017-07-12 18:27 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2017-07-11 23:31 - 2016-06-08 10:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-27 21:36 - 2016-11-09 16:29 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 17:04 - 2016-06-08 12:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Google

==================== Files in the root of some directories =======

2016-07-12 15:21 - 2016-07-13 02:27 - 0000096 _____ () C:\Users\Owner\AppData\Roaming\LauncherSettings_live.cfg
2017-04-16 11:07 - 2017-04-16 11:07 - 0004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-26 22:44 - 2017-07-26 22:44 - 0011568 _____ () C:\Users\Owner\AppData\Local\InstallationConfiguration.xml
2017-07-26 22:44 - 2017-07-26 22:44 - 0140800 _____ () C:\Users\Owner\AppData\Local\installer.dat
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Owner\AppData\Local\report
2016-08-17 01:21 - 2017-03-31 20:46 - 0007600 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2017-07-26 23:21 - 2017-07-26 23:21 - 0046647 _____ () C:\ProgramData\agent.1501129300.bdinstall.bin
2017-07-27 09:45 - 2017-07-27 09:45 - 0046848 _____ () C:\ProgramData\agent.1501166741.bdinstall.bin
2017-07-27 10:37 - 2017-07-27 10:37 - 0030022 _____ () C:\ProgramData\agent.uninstall.1501169816.bdinstall.bin
2017-07-27 09:53 - 2017-07-27 09:53 - 0029967 _____ () C:\ProgramData\agent.update.1501167220.bdinstall.bin
2017-07-22 22:57 - 2017-07-22 22:57 - 0005094 _____ () C:\ProgramData\czchsjpj.srw
2017-07-22 22:57 - 2017-07-22 22:57 - 0000016 _____ () C:\ProgramData\mntemp
2017-01-25 02:32 - 2017-06-16 19:10 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
2017-07-23 00:25 - 2016-08-22 16:31 - 0204800 _____ () C:\ProgramData\WS_Log.dll

Files to move or delete:
====================
C:\ProgramData\WS_Log.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-27 13:40

==================== End of FRST.txt ============================
 

Sorry for the delay, this is it in its entirety. Thank you for pursuing this.
 

Hi max,
You seem to have some odd programs with weird names:

2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\zyr1m3bxyfu
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\bkp1zkncaay
2017-07-22 22:57 - 2017-07-22 22:57 - 0005094 _____ () C:\ProgramData\czchsjpj.srw
2017-07-22 22:57 - 2017-07-22 22:57 - 0000016 _____ () C:\ProgramData\mntemp

On top of that you appear to be running a non-genuine program:
2017-07-22 23:34 - 2017-07-22 23:34 - 52545957 ____R C:\Users\Owner\Downloads\iSkysoft iMedia Converter Deluxe v8.8.0.1 Setup + Crack.zip

According to your specs you have an HP system; I can see no HP-related programs.

Please remove any pirated programs on your system.

I would also like to see the results of this tool; copy/paste the output:
http://go.microsoft.com/fwlink/?LinkID=52012

There is NO need to change any data within it.

Roy
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
medionl/Aspire 6930G/acer x55a
OS
W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
CPU
E5300 dual core
Motherboard
medion MS7366
Memory
3gb
Graphics Card(s)
Nvidia Geforce 7100 Nforce 630i
Monitor(s) Displays
avixc
Internet Speed
n (isp resticted to 72)
Antivirus
mse/pands
Browser
palemoon
Other Info
Belkin Fd7050 n USB using Railink RT2870 drivers, more upto date
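The kind of check made in the reply above (scanning an FRST file listing for entries with random-looking names in shared install locations) can be scripted. This is an added example, not part of the thread and not FRST's own code: the name heuristic, its thresholds and the list of shared roots are assumptions, and the sample lines are copied from the log excerpts quoted in this thread.

```python
import re
from pathlib import PureWindowsPath

# One FRST file-listing line: two timestamps (their meaning depends on the
# FRST section), size, 5-char attribute field, optional "(Company)", path.
FRST_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Assumed list: locations where an unexplained top-level entry deserves a look.
SHARED_ROOTS = {
    r"c:\program files",
    r"c:\program files (x86)",
    r"c:\programdata",
}
VOWELS = set("aeiou")


def parse_line(line):
    """Return a dict for a listing line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    path = PureWindowsPath(m["path"])
    return {
        "path": str(path),
        "name": path.name,
        "stem": path.stem,
        "parent": str(path.parent),
        "size": int(m["size"]),
        "is_dir": "D" in m["attrs"],
        "company": m["company"],  # None = field absent, "" = present but empty
    }


def looks_random(stem):
    """Assumed heuristic: 6+ chars, only a-z/0-9, under 25% vowels."""
    if len(stem) < 6 or not re.fullmatch(r"[a-z0-9]+", stem):
        return False
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.25


def triage(lines):
    """Return entries with random-looking names, each with its reasons."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not looks_random(entry["stem"]):
            continue
        reasons = ["random-looking name"]
        if entry["parent"].lower() in SHARED_ROOTS:
            reasons.append("sits directly under " + entry["parent"])
        if entry["company"] == "":
            reasons.append("empty company field")
        entry["reasons"] = reasons
        hits.append(entry)
    return hits


# Sample input: lines copied from the FRST excerpts in this thread.
SAMPLE = r"""
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\zyr1m3bxyfu
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\bkp1zkncaay
2017-07-22 22:57 - 2017-07-22 22:57 - 0005094 _____ () C:\ProgramData\czchsjpj.srw
2017-07-22 22:57 - 2017-07-22 22:57 - 0000016 _____ () C:\ProgramData\mntemp
2017-07-27 18:26 - 2016-06-12 17:45 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-25 20:06 - 2016-06-08 10:19 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-07-27 00:11 - 2017-02-05 19:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Owner\AppData\Local\report
""".strip().splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["path"], "->", "; ".join(hit["reasons"]))
```

A hit only ranks an entry for manual review; legitimate installers also create oddly named folders and temp files.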
Yes, I did have that converter on there. Thought I had removed it. Thank you for spotting it. :o

Here is the result of what you asked me for (unedited):


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-3PCF4-969VQ-XPJW2
Windows Product Key Hash: zIs+o9Tfq6WcJ9guPTa5C6awTpU=
Windows Product ID: 00359-OEM-0631031-18575
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {11469584-9CDB-4006-BF65-C4C2926524E9}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.170512-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{11469584-9CDB-4006-BF65-C4C2926524E9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XPJW2</PKey><PID>00359-OEM-0631031-18575</PID><PIDType>3</PIDType><SID>S-1-5-21-217011151-2072011241-3863041349</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq 8000 Elite CMT PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786G7 v01.02</Version><SMBIOSVersion major="2" minor="6"/><Date>20091022000000.000000+000</Date></BIOS><HWID>D0853A07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-BPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: a63275f4-530c-48a7-b0d3-4f00d688d151
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00212-310-318575-02-1033-7601.0000-1602016
Installation ID: 004212018313461682021994125496600386327456602654944584
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: XPJW2
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 7/28/2017 8:14:45 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:16:2017 11:44
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAAACAAAAAQABAAEAonZmIuZQyOsyuhQDfCJwwpy1ntRC2NhqRso=

OEM Activation 1.0 Data-->
N/A





OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC COMPAQ EAGLLAKE
FACP COMPAQ EAGLLAKE
HPET COMPAQ EAGLLAKE
MCFG COMPAQ EAGLLAKE
ASF! COMPAQ EAGLLAKE
TCPA COMPAQ EAGLLAKE
SLIC HPQOEM SLIC-BPC
 

Did I do something wrong again? I didn't do that to the Windows product key. This is all copy/pasta.
 

Ok, guess it's too complicated. I will look for help elsewhere. Thanks for trying.
 

Hi Max,

Asked for that report as some malware inserts data into what should be an empty file, in this case

Spsys.log Content: 0x80070002

The 0x8 code tells me it's empty :D

The product key is fine; it's not the original one or the back-up key on the COA sticker.
Sometime in June last year it looks like you reinstalled your OS, with system builder retail/purchased media.
(Don't know why, I can see that the original install was prepped for W7, (W8/W10 or different version Pro?))

There's nothing that particularly stands out as malware; the weird names possibly belong to a Samsung phone transfer program.

As for Yahoo appearing, if it does not happen in IE or FF, then it could be a preference setting. In that case uninstall Google. DO NOT save anything to re-import. Start from scratch.

Note: whenever you install ANY new program, choose the CUSTOM option and uncheck any extras.


Roy
 

Ok. Yes had some problems and did a full wipe last year along with a video card and memory upgrade. Wow, very intelligent you are. Thank you very much for sharing this information. I really do appreciate it. I wish you the best sir. Thank you once again. I am very grateful for the time given to help me resolve this.
 
