Jump to content


Photo

Web Page Not Responding


  • This topic is locked This topic is locked
15 replies to this topic

#1 billydc

billydc

    Member

  • Members
  • 92 posts

Posted 02 January 2017 - 09:17 AM

Acer Aspire laptop,Win 7, IE 11.

 

When accessing web pages the page freezes and a message at bottom of page appears "****** is not responding".

Any suggestions as to what is causing this?

 

Thank you.



#2 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 02 January 2017 - 09:33 AM

Please temporarily disable your antivirus to download and run this tool.
help on disabling your protection programs here

scroll through the list to find the one you have on your machine.

~~~~

xlK5Hdb.pngFarbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select AVOiBNU.jpgRun as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.


Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#3 billydc

billydc

    Member

  • Members
  • 92 posts

Posted 02 January 2017 - 10:00 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Bill_C (02-01-2017 08:53:27)
Running from C:\Users\Bill_C\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-12-23 23:39:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1897733263-3325636753-2548154444-500 - Administrator - Disabled)
Bill_C (S-1-5-21-1897733263-3325636753-2548154444-1000 - Administrator - Enabled) => C:\Users\Bill_C
Guest (S-1-5-21-1897733263-3325636753-2548154444-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1897733263-3325636753-2548154444-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.105 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3507 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Backup Manager V3 (x32 Version: 3.0.0.105 - NTI Corporation) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1702 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1707 - CyberLink Corp.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.19 - Qualcomm Atheros Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.21 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.4 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5287A241-0CAF-4A92-AF9D-AE6D8702ED08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {8FCF9B83-6459-4D14-9268-05BAB76B2910} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {AE6E3F71-83ED-4740-B39C-7DE59B160636} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {B9E8EEA7-FF90-46BB-B219-CBE994216189} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2012-03-15] (Acer)
Task: {E6565F82-A925-4823-A252-9071DC4A0F30} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-01 18:07 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-01 18:07 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-01 18:07 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-11-28 23:32 - 2013-11-28 23:32 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2012-09-26 17:41 - 2012-09-26 17:41 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-09-26 17:41 - 2012-09-26 17:41 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-09-26 17:41 - 2012-09-26 17:41 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-05-22 01:26 - 2012-06-24 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1897733263-3325636753-2548154444-1000\...\doubleclick.net -> hxxp://ad.doubleclick.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1897733263-3325636753-2548154444-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill_C\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FE37E385-8710-42FD-88FE-B7F22A3509AE}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E48FDA38-F1A7-4A67-9B75-28A439250B79}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0D9C0823-159B-452D-8E73-9E9FC10CD802}] => C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{24EEEA5F-9F44-48E4-A142-AAA1CA4C910E}] => C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{E8CC470C-48B4-4E39-89F4-5F33C8FF767A}] => C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{3B0D5CE3-9C19-42CE-8943-B12046B698BE}] => C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{F6856392-5DF0-42B5-9716-D1C873B93EA1}] => C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{34ACB152-AC78-4ED0-B351-C7FAD9380D69}] => C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{7611EFE2-9847-42AB-B81D-40431B89952B}] => C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{D8A73FC5-603B-4CEC-A6FD-94FD6DF34F10}] => C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{D3B59903-AC70-428C-BE73-BC25FE4C2BDF}] => C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{4078295D-3AFC-456C-B178-2991B0B4E27F}] => C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{1C5E2E22-CCE0-44E3-B79B-F170FFCC3BD9}] => C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{E065EC80-BB99-4ABE-9739-6474E3CC9DD3}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F9914B8B-0E1D-4A3B-A438-342EADE5E380}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

==================== Restore Points =========================

11-12-2016 12:23:46 Windows Update
13-12-2016 19:24:04 Windows Update
17-12-2016 18:30:20 Windows Update
21-12-2016 18:14:58 Windows Update
25-12-2016 10:13:38 Windows Update
29-12-2016 18:16:38 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2017 08:23:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18538, time stamp: 0x58274b59
Faulting module name: IEFRAME.dll, version: 11.0.9600.18538, time stamp: 0x582753cc
Exception code: 0xc0000005
Fault offset: 0x0000000000223c3f
Faulting process id: 0xc7c
Faulting application start time: 0x01d26503a8c3cf3c
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\IEFRAME.dll
Report Id: fe89d7e2-d0f6-11e6-a7f7-202564d98031

Error: (01/02/2017 07:12:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f70

Start Time: 01d264f9ae7d911b

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/02/2017 07:11:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e18

Start Time: 01d264f7562b7046

Termination Time: 30

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/02/2017 06:39:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2017 07:06:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c60

Start Time: 01d264944d7233f0

Termination Time: 15

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/01/2017 07:05:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: af0

Start Time: 01d264943a6e55e0

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/01/2017 07:04:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 93c

Start Time: 01d264923a2a2794

Termination Time: 28

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/01/2017 06:50:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e40

Start Time: 01d2648f9bcd0019

Termination Time: 53

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/01/2017 03:50:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: df4

Start Time: 01d26478f06be4e6

Termination Time: 20

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/01/2017 03:48:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c80

Start Time: 01d264788d037e45

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (01/02/2017 08:13:34 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/02/2017 08:13:34 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/02/2017 08:12:53 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/02/2017 08:12:53 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/02/2017 06:52:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/02/2017 06:52:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/02/2017 06:52:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/02/2017 06:52:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/01/2017 10:16:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.233.3706.0

 Update Source: Microsoft Malware Protection Center

 Update Stage: Search

 Source Path: http://go.microsoft....5D-99752CCA7094

 Signature Type: AntiSpyware

 Update Type: Full

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version: 1.1.13303.0

 Error code: 0x800704e8

 Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Error: (01/01/2017 10:16:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.233.3706.0

 Update Source: Microsoft Malware Protection Center

 Update Stage: Search

 Source Path: http://go.microsoft....5D-99752CCA7094

 Signature Type: AntiVirus

 Update Type: Full

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version: 1.1.13303.0

 Error code: 0x800704e8

 Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 3934.36 MB
Available physical RAM: 1810.59 MB
Total Virtual: 7866.89 MB
Available Virtual: 5505.33 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.66 GB) (Free:392.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7C819AB2)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Bill_C (administrator) on BILL_C-PC (02-01-2017 08:52:15)
Running from C:\Users\Bill_C\Downloads
Loaded Profiles: Bill_C (Available Profiles: Bill_C)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_186_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-11-28] (Qualcomm®Atheros®)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1897733263-3325636753-2548154444-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EFD6C6A1-8F70-4FD6-8254-401C3CBEA554}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1897733263-3325636753-2548154444-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://att.net/
HKU\S-1-5-21-1897733263-3325636753-2548154444-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1897733263-3325636753-2548154444-1000 -> {4A81F57D-C49F-4882-B8CC-A3C734C24AEF} URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-11-28] (Windows ® Win 7 DDK provider) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256576 2012-09-26] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-11-28] (Qualcomm Atheros)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-19] (Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-02 08:52 - 2017-01-02 08:53 - 00011527 _____ C:\Users\Bill_C\Downloads\FRST.txt
2017-01-02 08:50 - 2017-01-02 08:52 - 00000000 ____D C:\FRST
2017-01-02 08:49 - 2017-01-02 08:49 - 02418176 _____ (Farbar) C:\Users\Bill_C\Downloads\FRST64 (1).exe
2017-01-02 08:47 - 2017-01-02 08:50 - 02418176 _____ (Farbar) C:\Users\Bill_C\Downloads\FRST64.exe
2017-01-01 18:08 - 2017-01-02 06:39 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-01 18:08 - 2017-01-02 06:38 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-01 18:08 - 2017-01-02 06:38 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-01 18:08 - 2017-01-02 06:38 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-01 18:08 - 2017-01-01 18:08 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-01 18:07 - 2017-01-01 18:07 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-01 18:07 - 2017-01-01 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-01 18:07 - 2017-01-01 18:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-01 18:07 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-31 06:02 - 2017-01-02 06:37 - 00000280 _____ C:\Windows\setupact.log
2016-12-31 06:02 - 2016-12-31 06:02 - 00000000 _____ C:\Windows\setuperr.log
2016-12-13 19:14 - 2016-11-21 12:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-13 19:14 - 2016-11-21 12:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-13 19:14 - 2016-11-21 12:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-13 19:14 - 2016-11-21 12:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-13 19:14 - 2016-11-20 10:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-13 19:14 - 2016-11-20 10:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-13 19:14 - 2016-11-20 10:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-13 19:14 - 2016-11-20 10:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-13 19:14 - 2016-11-20 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-13 19:14 - 2016-11-20 10:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-13 19:14 - 2016-11-20 10:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-13 19:14 - 2016-11-20 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-13 19:14 - 2016-11-20 09:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-13 19:14 - 2016-11-20 09:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-13 19:14 - 2016-11-20 09:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-13 19:14 - 2016-11-20 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-13 19:14 - 2016-11-20 09:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-13 19:14 - 2016-11-20 08:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 19:14 - 2016-11-17 10:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 19:14 - 2016-11-14 17:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 19:14 - 2016-11-14 16:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-13 19:14 - 2016-11-12 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 19:14 - 2016-11-12 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 19:14 - 2016-11-12 13:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 19:14 - 2016-11-12 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-13 19:14 - 2016-11-12 13:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 19:14 - 2016-11-12 13:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 19:14 - 2016-11-12 13:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 19:14 - 2016-11-12 13:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 19:14 - 2016-11-12 13:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 19:14 - 2016-11-12 13:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 19:14 - 2016-11-12 13:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 19:14 - 2016-11-12 13:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 19:14 - 2016-11-12 13:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 19:14 - 2016-11-12 13:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 19:14 - 2016-11-12 13:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 19:14 - 2016-11-12 13:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 19:14 - 2016-11-12 12:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 19:14 - 2016-11-12 12:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 19:14 - 2016-11-12 12:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 19:14 - 2016-11-12 12:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-13 19:14 - 2016-11-12 12:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 19:14 - 2016-11-12 12:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 19:14 - 2016-11-12 12:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 19:14 - 2016-11-12 12:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 19:14 - 2016-11-12 12:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 19:14 - 2016-11-12 12:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-13 19:14 - 2016-11-12 12:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-13 19:14 - 2016-11-12 12:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-13 19:14 - 2016-11-12 12:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-13 19:14 - 2016-11-12 12:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 19:14 - 2016-11-12 12:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-13 19:14 - 2016-11-12 12:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-13 19:14 - 2016-11-12 12:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-13 19:14 - 2016-11-12 12:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-13 19:14 - 2016-11-12 12:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-13 19:14 - 2016-11-12 12:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-13 19:14 - 2016-11-12 12:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-13 19:14 - 2016-11-12 12:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-13 19:14 - 2016-11-12 12:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 19:14 - 2016-11-12 12:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-13 19:14 - 2016-11-12 12:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 19:14 - 2016-11-12 12:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 19:14 - 2016-11-12 12:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 19:14 - 2016-11-12 12:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 19:14 - 2016-11-12 12:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-13 19:14 - 2016-11-12 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 19:14 - 2016-11-12 11:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-13 19:14 - 2016-11-12 11:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-13 19:14 - 2016-11-12 11:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-13 19:14 - 2016-11-12 11:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-13 19:14 - 2016-11-12 11:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-13 19:14 - 2016-11-12 11:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 19:14 - 2016-11-12 11:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-13 19:14 - 2016-11-12 11:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-13 19:14 - 2016-11-12 11:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-13 19:14 - 2016-11-12 11:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-13 19:14 - 2016-11-12 11:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-13 19:14 - 2016-11-12 11:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 19:14 - 2016-11-12 11:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-13 19:14 - 2016-11-12 11:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 19:14 - 2016-11-12 11:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 19:14 - 2016-11-12 11:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-13 19:14 - 2016-11-12 11:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-13 19:14 - 2016-11-12 11:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-13 19:14 - 2016-11-10 10:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 19:14 - 2016-11-10 10:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-13 19:14 - 2016-11-09 10:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 19:14 - 2016-11-09 10:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 19:14 - 2016-11-09 10:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 19:14 - 2016-11-09 10:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 19:14 - 2016-11-09 10:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 19:14 - 2016-11-09 10:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 19:14 - 2016-11-09 10:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 19:14 - 2016-11-09 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-13 19:14 - 2016-11-09 10:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-13 19:14 - 2016-11-09 10:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-13 19:14 - 2016-11-09 10:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-13 19:14 - 2016-11-09 10:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-13 19:14 - 2016-11-09 10:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 19:14 - 2016-11-09 09:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-13 19:14 - 2016-11-06 10:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 19:14 - 2016-11-06 10:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-13 19:14 - 2016-11-06 10:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 19:14 - 2016-10-27 09:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 19:14 - 2016-10-27 09:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-13 19:14 - 2016-10-11 09:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-13 19:14 - 2016-10-11 09:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-13 19:14 - 2016-10-11 09:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-13 19:14 - 2016-10-11 09:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-13 19:14 - 2016-10-11 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-13 19:14 - 2016-10-11 09:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-13 19:14 - 2016-10-11 09:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 19:14 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-dela


#4 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 02 January 2017 - 10:57 AM

that really didn't show much other then IE is crashing, but you knew that already.

By chance, could you try safe mode with networking and see if IE runs as expected?, this would rule out security software interfering

~~~~~~~~~~~~~~`
Running from C:\Users\Bill_C\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


FRSTfix.JPG

 

start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1897733263-3325636753-2548154444-1000 -> {4A81F57D-C49F-4882-B8CC-A3C734C24AEF} URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
C:\Users\Bill_C\AppData\Local\Temp\libeay32.dll
C:\Users\Bill_C\AppData\Local\Temp\msvcr120.dll
C:\Users\Bill_C\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~``

This repair may take quite a bit of time.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
Ymy7crZ.png

- Go to Step 4, then click Do It.
zDtdN75.png

- Go to Step 5. Under System Restore click Create.
f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#5 billydc

billydc

    Member

  • Members
  • 92 posts

Posted 02 January 2017 - 04:17 PM

FIXlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Bill_C (02-01-2017 10:31:53) Run:1
Running from C:\Users\Bill_C\Desktop
Loaded Profiles: Bill_C (Available Profiles: Bill_C)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Quote

start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1897733263-3325636753-2548154444-1000 -> {4A81F57D-C49F-4882-B8CC-A3C734C24AEF} URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
C:\Users\Bill_C\AppData\Local\Temp\libeay32.dll
C:\Users\Bill_C\AppData\Local\Temp\msvcr120.dll
C:\Users\Bill_C\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End

*****************

Quote => Error: No automatic fix found for this entry.
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1897733263-3325636753-2548154444-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A81F57D-C49F-4882-B8CC-A3C734C24AEF} => key removed successfully
HKCR\CLSID\{4A81F57D-C49F-4882-B8CC-A3C734C24AEF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key removed successfully
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
C:\Users\Bill_C\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Bill_C\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Bill_C\AppData\Local\Temp\sqlite3.dll => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6366451 B
Java, Flash, Steam htmlcache => 1378 B
Windows/system/drivers => 546496992 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 83296846 B
Bill_C => 290941181 B

RecycleBin => 54200032 B
EmptyTemp: => 943.9 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 10:32:52 ====

 

 

 

Windows Repair Log:

Tweaking.com - Windows Repair v3.9.20
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601.23615
OS Service Pack: Service Pack 1
Computer Name: BILL_C-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Bill_C
Current Profile SID: S-1-5-21-1897733263-3325636753-2548154444-1000
Current Profile Classes: S-1-5-21-1897733263-3325636753-2548154444-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Bill_C\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:38:49

Process Count: 58
Commit Total: 1.59 GB
Commit Limit: 7.68 GB
Commit Peak: 1.62 GB
Handle Count: 16810
Kernel Total: 440.43 MB
Kernel Paged: 330.48 MB
Kernel Non Paged: 109.95 MB
System Cache: 2.37 GB
Thread Count: 744
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.84 GB
Memory Used: 1.58 GB(41.2179%)
Memory Avail.: 2.26 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.84 GB
Memory Used: 1.32 GB(34.3377%)
Memory Avail.: 2.52 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (1/2/2017 2:25:11 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 40
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (1/2/2017 2:25:13 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
Done,  0.37 seconds.

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hklm.7z
Done,  2.68 seconds.

   Running Repair Under System Account
   Done (1/2/2017 2:34:54 PM)

Reset File Permissions: C:
   C: & Sub Folders
   Start (1/2/2017 2:34:54 PM)

   Running Repair Under Current User Account
   Done (1/2/2017 2:45:24 PM)

Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (1/2/2017 2:45:24 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\default.7z
Done,  0.36 seconds.

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\profile.7z
Done,  0.42 seconds.

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files.7z
Done,  0.38 seconds.

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files_x86.7z
Done,  0.26 seconds.

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\programdata.7z
Done,  0.23 seconds.

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\windows.7z
Done,  2.52 seconds.

   Running Repair Under Current User Account
   Done (1/2/2017 2:49:14 PM)

Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (1/2/2017 2:49:14 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:49:16 PM)

03 - Reset Service Permissions
   Start (1/2/2017 2:49:16 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:50:03 PM)

04 - Register System Files
   Start (1/2/2017 2:50:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:50:58 PM)

05 - Repair WMI
   Start (1/2/2017 2:50:58 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.
   Malwarebytes Exported.

   Exporting AntiSpyware Info...
   Malwarebytes Exported.
   Microsoft Security Essentials Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (1/2/2017 2:52:39 PM)

06 - Repair Windows Firewall
   Start (1/2/2017 2:52:39 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:53:23 PM)

07 - Repair Internet Explorer
   Start (1/2/2017 2:53:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:54:03 PM)

08 - Repair MDAC/MS Jet
   Start (1/2/2017 2:54:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:54:10 PM)

09 - Repair Hosts File
   Start (1/2/2017 2:54:10 PM)
   Running Repair Under System Account
   Done (1/2/2017 2:54:11 PM)

10 - Remove Policies Set By Infections
   Start (1/2/2017 2:54:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:54:18 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (1/2/2017 2:54:18 PM)
   Running Repair Under System Account
   Done (1/2/2017 2:54:19 PM)

12 - Repair Icons
   Start (1/2/2017 2:54:19 PM)
   Running Repair Under Current User Account
   Done (1/2/2017 2:54:28 PM)

13 - Repair Network
   Start (1/2/2017 2:54:28 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.17 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:55:01 PM)

14 - Remove Temp Files
   Start (1/2/2017 2:55:01 PM)
   Running Repair Under System Account
   Done (1/2/2017 2:55:02 PM)

15 - Repair Proxy Settings
   Start (1/2/2017 2:55:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:55:04 PM)

17 - Repair Windows Updates
   Start (1/2/2017 2:55:04 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/2/2017 2:55:42 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (1/2/2017 2:55:42 PM)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (1/2/2017 2:55:42 PM)

19 - Repair Volume Shadow Copy Service
   Start (1/2/2017 2:55:42 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:16 PM)

20 - Repair Windows Sidebar/Gadgets
   Start (1/2/2017 2:56:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:19 PM)

21 - Repair MSI (Windows Installer)
   Start (1/2/2017 2:56:19 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:43 PM)

22 - Repair Windows Snipping Tool
   Start (1/2/2017 2:56:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:45 PM)

23.01 - Repair bat Association
   Start (1/2/2017 2:56:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:47 PM)

23.02 - Repair cmd Association
   Start (1/2/2017 2:56:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:50 PM)

23.03 - Repair com Association
   Start (1/2/2017 2:56:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:52 PM)

23.04 - Repair Directory Association
   Start (1/2/2017 2:56:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:54 PM)

23.05 - Repair Drive Association
   Start (1/2/2017 2:56:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:56 PM)

23.06 - Repair exe Association
   Start (1/2/2017 2:56:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:56:59 PM)

23.07 - Repair Folder Association
   Start (1/2/2017 2:56:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:01 PM)

23.08 - Repair inf Association
   Start (1/2/2017 2:57:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:03 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (1/2/2017 2:57:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:05 PM)

23.10 - Repair msc Association
   Start (1/2/2017 2:57:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:08 PM)

23.11 - Repair reg Association
   Start (1/2/2017 2:57:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:10 PM)

23.12 - Repair scr Association
   Start (1/2/2017 2:57:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:12 PM)

24 - Repair Windows Safe Mode
   Start (1/2/2017 2:57:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:14 PM)

25 - Repair Print Spooler
   Start (1/2/2017 2:57:14 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:57:40 PM)

26 - Restore Important Windows Services
   Start (1/2/2017 2:57:40 PM)

Decompressing & Updating Windows Permission File C:\Users\Bill_C\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:58:02 PM)

27 - Set Windows Services To Default Startup
   Start (1/2/2017 2:58:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:58:07 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601.23615

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601.23615

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601.23615

31 - Repair Windows 'New' Submenu
   Start (1/2/2017 2:58:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:58:09 PM)

32 - Restore UAC (User Account Control) Settings
   Start (1/2/2017 2:58:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/2/2017 2:58:12 PM)

33 - Repair Performance Counters
   Start (1/2/2017 2:58:12 PM)
   Running Repair Under Current User Account
   Done (1/2/2017 2:58:20 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (1/2/2017 2:58:20 PM)
   Total Repair Time: 00:33:11

...YOU MUST RESTART YOUR SYSTEM...



#6 billydc

billydc

    Member

  • Members
  • 92 posts

Posted 02 January 2017 - 04:32 PM

A couple of tidbits I failed to include.

I tried safe mode and encountered the same problems.

Also, the data I am submitting is from my laptop. I have a desktop pc operating with Win 7 and I.E. 11 also. The desktop pc does have the non-responding issues.



#7 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 02 January 2017 - 05:54 PM

Is it when visiting just Ebay?

You have many McAfee tools listed in the logs, got a feeling site advisor is working here but, very hard to tell.

Then again, it still happens in safemode, you can't go to any sites?, or it's just Ebay?
Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#8 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 02 January 2017 - 05:55 PM

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#9 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 02 January 2017 - 06:01 PM

also, recently did both machines have an update from Microsoft updates?
Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#10 billydc

billydc

    Member

  • Members
  • 92 posts

Posted 03 January 2017 - 06:50 PM

The majority of non-responding pages are on Ebay, a couple on yahoo and espn. I keep both machines updated by installing critical updates from windows updates. Within the past two weeks I have installed updates.

 

Emsisoft Emergency Kit - Version 12.0
Last update: 1/3/2017 12:24:40 PM
User account: Bill_C-PC\Bill_C
Computer name: BILL_C-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 1/3/2017 5:30:51 PM

Scanned 73500
Found 0

Scan end: 1/3/2017 5:37:43 PM
Scan time: 0:06:52



#11 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 04 January 2017 - 07:21 AM

It's not malware causing this. Let's see if we reset the browsers if it can remove the issue.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#12 billydc

billydc

    Member

  • Members
  • 92 posts

Posted 04 January 2017 - 07:42 PM

I reset the browser and so far everything is good.



#13 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 05 January 2017 - 06:17 AM

I reset the browser and so far everything is good.


Good deal

If this issue is resolved:
  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Click the Run button.
  • -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete
    ).
************************************
Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#14 billydc

billydc

    Member

  • Members
  • 92 posts

Posted 05 January 2017 - 06:59 PM

Everything is still good. I removed all the files, folders, etc. as you suggested.

Thank you for your assistance.



#15 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 05 January 2017 - 07:04 PM

We're glad to help :)
Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#16 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 23,186 posts
  • Gender:Female


Posted 06 January 2017 - 06:19 AM

Glad we could help. :)sparkle.gif

Since this issue appears resolved ... this Topic is closed.
Please do not PM me for HJT help, we all benefit from posting on the open board.
Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users