Very slow responsive mouse and keyboard issue-Here We Go Again.

Started by Moses, October 19, 2017, 10:13:00 AM


Moses

After Corrine helped me extensively about 2 months ago, my mouse once again and typing on Word and anywhere else has become very sluggish. I even saw my mouse after moving it one inch and then stopping, it started to move a bit by itself.

I checked my memory usage, which was an issue previously. It seems ok. When no programs (almost) are running it is at about 46% more or less.

I have done junk removal scans, Malwarebytes scans, and nothing comes up. Just yesterday I went back to a "restore" point since my antivirus (Avast free version) was not working.

Any help out there?

Moses

Corrine

What is the brand of your mouse & keyboard?  Are they wired or Bluetooth? 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Moses

The mouse is "Samsung" (a bit on the old side) and the keyboard is "Silver Line", not Bluetooth.

Avast just showed a small pop-up window that said: Your system is running slow due to "inefficient system settings, 1 GB junk" and something about apps.....

Corrine

Something about apps...?  Perhaps it would be a good idea if you post FRST logs.  If you're willing, I'll then move this thread.  Log Posting Instructions



Moses

Here is the FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
Ran by Me (administrator) on PC-9898 (19-10-2017 20:48:58)
Running from C:\Users\Me\Desktop
Loaded Profiles: Me (Available Profiles: Me)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2015-12-04] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-18] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2293580261-1291186321-2028678180-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk [2017-10-19]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.100.102.1
Tcpip\..\Interfaces\{3E5A35ED-A886-497A-912D-9B4DCF9CE114}: [DhcpNameServer] 10.100.102.1

Internet Explorer:
==================
HKU\S-1-5-21-2293580261-1291186321-2028678180-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.il/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-18] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: xcts0sai.default
FF ProfilePath: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xcts0sai.default [2017-10-18]
FF Extension: (Avast SafePrice) - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xcts0sai.default\Extensions\sp@avast.com.xpi [2017-10-18]
FF Extension: (Avast Online Security) - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xcts0sai.default\Extensions\wrc@avast.com.xpi [2017-10-18]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US91105D20170803&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default [2017-10-19]
CHR Extension: (Slides) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-02]
CHR Extension: (YouTube) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-02]
CHR Extension: (Adblock Plus) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-02]
CHR Extension: (Avast Online Security) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-18] (AVAST Software s.r.o.)
S2 AutoKMS; C:\Windows\AutoKMS\AutoKMS.exe [732160 2017-10-01] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-18] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-09-06] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
R2 wlidsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-28] (Microsoft Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-08] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1020536 2017-10-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-08] (AVAST Software)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30960 2015-05-29] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-10-19] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-09-08] (Synaptics Incorporated)
S1 vcdrom; \??\C:\Users\Me\Desktop\virtualCD\VCdRom.sys [X]
S3 vdbus; system32\DRIVERS\vdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 20:48 - 2017-10-19 20:49 - 000015300 _____ C:\Users\Me\Desktop\FRST.txt
2017-10-19 20:48 - 2017-10-19 20:48 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-10-19 20:31 - 2017-10-19 20:31 - 002402816 _____ (Farbar) C:\Users\Me\Desktop\FRST64.exe
2017-10-19 17:31 - 2017-10-19 17:31 - 000654346 _____ C:\Users\Me\Desktop\Kesef.pdf
2017-10-19 14:08 - 2017-10-19 14:08 - 000000000 ____D C:\Users\Me\AppData\Local\{DE329C49-3362-4727-8BC7-03504F7766F8}
2017-10-19 12:44 - 2017-10-19 12:44 - 000000000 ____D C:\Users\Me\AppData\Local\{6A2D3112-E83E-47BF-9AD4-531F7ACD9984}
2017-10-19 11:12 - 2017-10-19 11:12 - 000000000 ____D C:\Users\Me\AppData\Local\{9E64DB82-0EB3-454A-9B5C-41EBEF36A028}
2017-10-19 10:58 - 2017-10-19 10:58 - 005590760 _____ (Dmitri Karshakevich ) C:\Users\Me\Downloads\EZContactBook_4_4_1_20_Setup.exe
2017-10-19 09:28 - 2017-10-19 09:28 - 000000000 ____D C:\Users\Me\AppData\Local\{A56C4516-9A77-4C4E-8F7D-5F996109B358}
2017-10-18 23:00 - 2017-10-18 23:00 - 000000000 ____D C:\Users\Me\AppData\Local\{E2910DBB-D984-4D5D-9739-8D8AD0643072}
2017-10-18 19:30 - 2017-10-18 19:30 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-18 19:26 - 2017-10-18 19:26 - 000000000 ____D C:\Users\Me\AppData\Local\{F7197AB9-84F2-47EB-AB76-E92E0166DDDF}
2017-10-18 18:40 - 2017-10-18 18:40 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-10-18 18:40 - 2017-10-18 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-10-18 18:37 - 2017-10-08 15:13 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-18 18:32 - 2017-10-18 18:32 - 006654960 _____ (AVAST Software) C:\Users\Me\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-10-18 18:29 - 2017-10-18 18:32 - 007161304 _____ (AVAST Software) C:\Users\Me\Downloads\avast_free_antivirus_setup_online.exe
2017-10-18 18:24 - 2017-10-18 18:24 - 000000000 ____D C:\Users\Me\AppData\Local\{3BDBF714-5AD9-4FE4-9571-BB19B8D551C5}
2017-10-18 18:23 - 2017-10-18 18:23 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-10-17 08:08 - 2017-10-17 08:11 - 000000000 ____D C:\Users\Me\Desktop\New Contact Book BackUp
2017-10-13 09:59 - 2017-10-19 11:08 - 000000000 ____D C:\Users\Me\Desktop\Wiper
2017-10-02 08:36 - 2017-10-02 08:35 - 000555072 _____ (AVAST Software) C:\Windows\system32\Drivers\asw751d1f5f7966388b.tmp
2017-10-01 11:40 - 2017-10-17 14:17 - 000000000 ____D C:\Users\Me\Desktop\Psak
2017-10-01 11:39 - 2017-10-01 11:39 - 000151552 _____ C:\Windows\KMSEmulator.exe
2017-10-01 11:38 - 2017-10-01 11:38 - 000002244 _____ C:\Windows\System32\Tasks\AutoKMSCustom
2017-10-01 11:38 - 2017-10-01 11:38 - 000000162 _____ C:\Windows\Tasks\AutoKMSCustom.job
2017-10-01 11:24 - 2017-10-01 11:24 - 000000000 ____D C:\Windows\AutoKMS
2017-09-26 13:32 - 2017-09-26 13:32 - 000284522 _____ C:\Users\Me\Desktop\t.z tofes.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 20:48 - 2017-08-07 19:05 - 000000000 ____D C:\FRST
2017-10-19 20:42 - 2017-08-02 18:35 - 000000000 ____D C:\Users\Me\AppData\Roaming\Skype
2017-10-19 20:39 - 2017-08-07 18:02 - 000000000 ____D C:\Users\Me\Desktop\Repair
2017-10-19 18:07 - 2009-07-14 07:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-19 18:07 - 2009-07-14 07:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-19 18:03 - 2009-07-14 08:13 - 000785366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-19 18:03 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2017-10-19 17:59 - 2017-09-04 00:24 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-10-19 17:58 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-19 17:56 - 2017-08-10 21:16 - 000000000 ____D C:\AdwCleaner
2017-10-19 17:48 - 2017-08-02 20:47 - 000000000 ____D C:\Users\Me\AppData\Roaming\E-Z Contact Book
2017-10-19 15:32 - 2017-09-08 15:11 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B34436C-8BF2-4114-BC0B-BCFE5E82BF54}
2017-10-19 13:07 - 2017-08-15 08:30 - 000000000 ____D C:\Users\Me\AppData\LocalLow\Adblock Plus for IE
2017-10-19 11:00 - 2017-08-03 16:00 - 000001107 _____ C:\Users\Public\Desktop\E-Z Contact Book.lnk
2017-10-19 11:00 - 2017-08-03 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E-Z Contact Book
2017-10-19 11:00 - 2017-08-02 20:47 - 000000000 ____D C:\Program Files (x86)\E-Z Contact Book
2017-10-18 19:33 - 2017-07-31 17:00 - 000000000 ____D C:\Windows\system32\MRT
2017-10-18 19:30 - 2017-07-31 16:59 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-18 19:09 - 2017-08-02 09:52 - 000002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-18 19:09 - 2017-08-02 09:52 - 000002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-18 18:55 - 2017-09-12 14:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-18 18:55 - 2017-08-02 09:49 - 000000000 ____D C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-10-18 18:55 - 2017-08-02 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-10-18 18:55 - 2017-08-02 09:49 - 000000000 ____D C:\Program Files\WinRAR
2017-10-18 18:40 - 2017-08-02 11:04 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-18 18:35 - 2017-08-03 08:32 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-18 18:35 - 2017-08-03 08:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-18 18:35 - 2017-08-03 08:32 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-18 18:34 - 2017-08-03 08:32 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-18 18:34 - 2017-08-03 08:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-18 18:19 - 2017-07-31 15:37 - 000000000 ____D C:\Users\Me
2017-10-18 18:16 - 2009-07-14 06:20 - 000000000 __RSD C:\Windows\Media
2017-10-18 18:16 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
2017-10-18 18:16 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-10-18 18:16 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\AppCompat
2017-10-18 18:16 - 2009-07-14 06:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-18 18:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\registration
2017-10-15 10:02 - 2017-08-02 14:38 - 000000000 ____D C:\Users\Me\Desktop\myHebrwCv
2017-10-10 15:06 - 2017-09-12 14:22 - 000000000 ____D C:\Users\Me\AppData\LocalLow\Mozilla
2017-10-10 14:10 - 2017-08-06 15:28 - 000000000 ____D C:\Users\Me\AppData\Local\ElevatedDiagnostics
2017-10-08 15:13 - 2017-08-02 11:08 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-10-08 15:13 - 2017-08-02 11:08 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-10-08 15:13 - 2017-08-02 11:08 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-10-08 15:13 - 2017-08-02 11:08 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 001020536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-08 15:13 - 2017-08-02 11:04 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-08 15:13 - 2017-08-02 10:10 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-02 08:39 - 2017-08-02 19:57 - 000000000 ____D C:\Users\Me\AppData\Local\Windows Live
2017-09-30 22:14 - 2017-08-03 16:20 - 000000000 ____D C:\Users\Me\Desktop\יוכבד
2017-09-25 19:02 - 2017-08-02 11:04 - 000361784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 13916a9fe5b4d77.tmp

==================== Files in the root of some directories =======

2017-08-15 11:49 - 2017-08-15 11:49 - 000003584 _____ () C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-02 22:46 - 2017-08-02 22:46 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2013-10-05 11:38 - 2013-10-05 11:38 - 000455328 _____ (Microsoft Corporation) C:\Users\Me\AppData\Local\Temp\msvcp120.dll
2013-10-05 11:38 - 2013-10-05 11:38 - 000970912 _____ (Microsoft Corporation) C:\Users\Me\AppData\Local\Temp\msvcr120.dll
2016-07-31 03:08 - 2016-07-31 03:08 - 003112960 _____ (Jason York) C:\Users\Me\AppData\Local\Temp\pc-decrapifier.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-10 12:59

==================== End of FRST.txt ============================

Moses

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
Ran by Me (19-10-2017 20:50:17)
Running from C:\Users\Me\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-07-31 12:37:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2293580261-1291186321-2028678180-500 - Administrator - Disabled)
Guest (S-1-5-21-2293580261-1291186321-2028678180-501 - Limited - Disabled)
Me (S-1-5-21-2293580261-1291186321-2028678180-1000 - Administrator - Enabled) => C:\Users\Me

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
E-Z Contact Book version 4.4.1.20 (HKLM-x32\...\{1B758D8A-B999-45AD-B7AA-14D10FDC19D2}_is1) (Version: 4.4.1.20 - Dmitri Karshakevich)
GeekBuddy (HKLM-x32\...\{DF554A50-ABE5-4091-A1E9-2D2E7E5254B7}) (Version: 4.18.122 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\{A7A76FD6-91B5-3C7F-B37D-DFDA03F5FBAE}) (Version: 62.0.3202.62 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 13.3.3 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.3.3 - KLCP)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.161 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7680 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-18] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-18] (AVAST Software)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-18] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-18] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A5CB1B-6E8C-4063-AB19-50085DBE3783} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-02] (Google Inc.)
Task: {0668A67A-807F-40E3-897C-5E628C9CAD9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-02] (Google Inc.)
Task: {1CE3E195-CF64-4C94-922B-096108302EBA} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {2EBA72C6-84B7-42C3-A5DB-AB5D2E8B8CFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-18] (Adobe Systems Incorporated)
Task: {6297FC30-F740-4D67-B2E5-8F2BEA2B2A06} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-08] (AVAST Software)
Task: {69AAE511-DD8E-4C4B-BBE0-94298B855B0B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7DA3353F-F707-4FDB-B9AC-8D25A57669AA} - \{A370589A-2F81-4005-A949-A5EFD4F307A0} -> No File <==== ATTENTION
Task: {C4FF82DD-FB81-419B-9ED7-73DACD21B640} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2017-10-01] ()
Task: {C5A241AE-DA09-40B9-B2B5-10352836E66A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-07-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMSCustom.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Me\Favorites newest\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Me\Favorites\Links\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-10-18 18:23 - 2017-10-18 18:23 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000846752 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000286712 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-07-31 15:46 - 2015-05-26 20:50 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-10-19 13:23 - 2017-10-19 13:23 - 005881016 _____ () C:\Program Files\AVAST Software\Avast\defs\17101900\algo.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-18 18:23 - 2017-10-18 18:23 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-10-19 17:58 - 2017-10-19 17:58 - 005882040 _____ () C:\Program Files\AVAST Software\Avast\defs\17101902\algo.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-18 18:36 - 2017-10-18 18:36 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-17 16:51 - 2017-08-17 16:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2293580261-1291186321-2028678180-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2293580261-1291186321-2028678180-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Me\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.100.102.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A8293969-6983-4743-90BC-F32754D1C5EE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FD9AA708-B483-4441-92DC-D3C7B66A2239}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{76D88DC1-0818-4C8A-AAD6-C3197785DDB7}] => (Allow) LPort=2869
FirewallRules: [{D2DFE459-1A60-4770-B9F8-3E94587F5E4C}] => (Allow) LPort=1900
FirewallRules: [{25616596-68B8-4B46-A91D-9AEE5B6F2563}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6AC80DBE-13FA-4FF6-92CA-49F4007D3686}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{451D4929-A555-4CF5-9FEC-3967A6FA8BD6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{9FE8B913-197E-47EC-819D-752C8DD3C4A1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{EADEEC8D-592C-4A75-8B3E-E6CD3E74B438}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{6FB7AB05-A4EA-4F07-B479-610B884B9EA3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{41BA4218-E108-4AB6-A78D-4D3C9D33AE65}] => (Allow) LPort=5357
FirewallRules: [{A7C1A9DD-358A-42C3-8E71-A6EA31558F4E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0887FBD3-129E-45B5-A0C3-87F1F46C72EA}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{625AB7A0-7191-4770-8DD2-E24899338B8B}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{7FE9B846-3A01-4F09-B34C-81568946C831}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{7879008A-E20A-4019-8360-61ED79F6F706}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{EC1747BC-90B5-4208-B585-79FC26206391}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{74DBAF03-7436-45D6-87BA-BF41A3FC2D8C}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{CD0E990E-2907-4603-A2F9-1D37E159CE85}] => (Allow) C:\Program Files\COMODO\cCloud\cCloud.exe
FirewallRules: [{3838C265-CBEB-498F-97CF-B95D9EEC69BF}] => (Allow) C:\Program Files\COMODO\cCloud\cCloud.exe
FirewallRules: [{EB364938-F295-4273-8124-368EC40D8A70}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{743EF904-EB58-4CAC-B064-CAEC19AD5A16}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{7627E9D5-A781-493B-A01C-182EFFE52D0B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{BA358247-37A5-4B33-97CE-02FDB855E916}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{44F2C72A-385C-401C-B466-D50FD209E6B9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{3D9812B9-A5E6-4BA9-B3D3-F0F6F4D8214C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{1C0B78BF-E1CF-40E7-9732-9F1273FB65BE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{4F58E42A-8A93-496F-AF6A-D12554234664}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{2CC3F529-0909-4D12-A250-B819B8ED412D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{36192CD6-F5E0-4E48-BAEB-4BB8EF605E31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3B7E5019-D126-4C06-9CF1-45D0A1D1183F}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{188D727F-AB10-43D2-AEC7-C0DB4972F020}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{59DDF6B6-7CF2-4437-92D0-621493F61125}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-10-2017 12:08:59 Windows Update
15-10-2017 19:51:51 JRT Pre-Junkware Removal
16-10-2017 17:34:33 JRT Pre-Junkware Removal
18-10-2017 17:39:58 JRT Pre-Junkware Removal
18-10-2017 18:05:06 Restore Operation
18-10-2017 19:28:03 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2017 05:59:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2017 09:19:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2017 09:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2017 06:46:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2017 06:27:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2017 06:27:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2017 06:27:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2017 06:27:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2017 06:27:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2017 06:26:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (10/19/2017 05:58:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AutoKMS service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/19/2017 05:58:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AutoKMS service to connect.

Error: (10/19/2017 05:56:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (10/19/2017 05:55:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSCamSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/19/2017 05:55:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/19/2017 05:55:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/19/2017 05:55:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/19/2017 12:17:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/19/2017 09:18:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AutoKMS service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/19/2017 09:18:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AutoKMS service to connect.


CodeIntegrity:
===================================
  Date: 2017-08-19 21:55:25.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-19 21:55:25.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-19 21:51:22.534
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-19 21:51:22.484
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-19 21:49:37.725
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-19 21:49:37.685
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-19 21:49:04.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-19 21:49:04.292
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Me\Desktop\virtualCD\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 80%
Total physical RAM: 1948.42 MB
Available physical RAM: 387.9 MB
Total Virtual: 3896.84 MB
Available Virtual: 1859.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:181.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DC809A13)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Corrine

Hi, Moses.

It appears that I misunderstood something significant when you previously had a problem with your computer.  After spotting something disturbing in the current logs, I compared what was in the logs when I helped you before.  Then you had Microsoft Office Professional Plus 2013 which I had you uninstall because you did not have a legal license and provided the following instructions:

Quote:
Ordinarily, if someone posted logs with a program used to validate pirated software, the thread would be closed and no help provided.  However, since you are a long-time member, I am giving you a brief pass.

Start by uninstalling C:\Program Files\KMSpico\Service_KMS.exe.  Then follow that with uninstalling Microsoft Office Professional Plus 2013.  (If you still have the license information for Microsoft Office Professional Plus 2010 that was on your computer last year, you can reinstall that.)

However, I see that although you now have Microsoft Office Professional Plus 2010, you also have AutoKMS.exe and KMSEmulator.exe installed as a key generator to get a valid license for Microsoft Office.  Both are identified as trojans but beyond that, we do not support pirating software.

From Welcome to LandzDown - get computer help here!:

Quote:
1.  This site does not support the use of warez or "cracked" programs.  Support for, discussion of, or promotion of sites offering cracks, warez, torrents, pornography or any other illegal material or any software created to download any of the above (this includes nulled, copied or any other illegal software or operating systems) is forbidden.  The term "warez" includes, but is not limited to, software cracks, keygens, sharing private licenses and/or usernames & passwords, providing unauthorized copies of software including unofficial mirrors and file sharing, or any other means of circumventing the sale and/or distribution of software beyond those provided by the vendor.  If the presence of pirated/cracked software is detected on your computer, your topic will be closed.



winchester73

Cracked/warez versions of programs sound "good" and "cheap", but they can cause all sorts of headaches for you and damage to your computer.  No reputable forum will support any method of cracking, warez, workarounds, providing any methods, tools, or posting of links designed for this express purpose.

There are people who have spent a great deal of money on developing and testing hardware and software, marketing and distributing it, and then on education and support for it. They have spent long, tedious, difficult and brain-numbing days/nights on their endeavor. They are attempting to make an honest living and feed their families.

Let's not support the thieves who rip them off and cheat them out of the fruits of their labor.

This thread is now closed.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member