Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

IE on severe go slow...

This is a discussion on IE on severe go slow... within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi there :) I came here before for help with a problem and Chemist very kindly helped me out. Basically,


 
 
Thread Tools Search this Thread
Old 12-03-2018, 01:16 PM   #1
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



Hi there :)

I came here before for help with a problem and Chemist very kindly helped me out. Basically, for the past few weeks and its been steadily getting worse, IE will run extremely slow and end up freezing. When I hit F5, the page seems to take forever to load.

Everything seems to be up to date on here. I have to download DDS from the given link but it will not run as it says it can't run in compatability mode.



Sorry, I cannot post any logs until I can get DDS to run..
Lassie is offline  
Sponsored Links
Advertisement
 
Old 12-04-2018, 03:39 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-04-2018, 01:17 PM   #3
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



Hi Chemist :)

Here is the log from AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-12-03.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-04-2018
# Duration: 00:00:06
# OS: Windows 8.1
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask Jeeves

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1255 octets] - [04/12/2018 20:52:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Logs from FRST64:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01
Ran by Moira (administrator) on MAR (04-12-2018 2144)
Running from C:\Users\Moira\Desktop\FRST-OlderVersion
Loaded Profiles: Moira (Available Profiles: Moira)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek semiconductor) C:\windows\RTFTrack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-21] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Amazon Music] => C:\Users\Moira\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify Web Helper] => C:\Users\Moira\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-19] (Spotify Ltd)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify] => C:\Users\Moira\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-19] (Spotify Ltd)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [EPSON PX710W Series (Copy 1)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [HP ENVY 5640 series (NET)] => C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-11-06] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-11-03]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2017-04-28]
ShortcutTarget: LUMIX Simple Viewer.lnk -> C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A9DE8BD5-9B88-4508-AE95-560D23A7CE19}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {F0DDF1F8-0CAD-4A90-9F15-41D22234A4EA} hxxps://lloydslink.online.lloydsbank.com/thinlink/cabfiles/tcalnk32.cab

FireFox:
========
FF ProfilePath: C:\Users\Moira\AppData\Roaming\Mozilla\Firefox\Profiles\CHXLMILb.default [2017-09-28]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]
CHR Extension: (Google Slides) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-28]
CHR Extension: (Docs) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-28]
CHR Extension: (Google Drive) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-28]
CHR Extension: (YouTube) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-28]
CHR Extension: (Gmail) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-14] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [891472 2018-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [248312 2018-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [248312 2018-11-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1162120 2018-11-12] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-21] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-21] (AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2018-11-20] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
S3 aswArPot; C:\windows\System32\drivers\aswArPot.sys [201240 2018-11-21] (AVAST Software)
S3 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-21] (AVAST Software)
S3 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201768 2018-11-21] (AVAST Software)
S3 aswblog; C:\windows\System32\drivers\aswbloga.sys [346592 2018-11-21] (AVAST Software)
S3 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59496 2018-11-21] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46384 2018-11-21] (AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42288 2018-11-21] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [163208 2018-11-21] (AVAST Software)
S3 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111800 2018-11-21] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [87432 2018-11-21] (AVAST Software)
S3 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1028680 2018-11-21] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469272 2018-11-21] (AVAST Software)
S3 aswStm; C:\windows\System32\drivers\aswStm.sys [208472 2018-11-21] (AVAST Software)
S3 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380464 2018-11-21] (AVAST Software)
R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [69656 2018-08-11] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-09-14] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\windows\System32\Drivers\avusbflt.sys [38048 2017-09-14] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S0 HpSAMD; C:\windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] () [File not signed]
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-04] (Malwarebytes)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 21:02 - 2018-12-04 21:03 - 002417152 _____ (Farbar) C:\Users\Moira\Desktop\FRST64.exe
2018-12-04 21:00 - 2018-12-04 21:00 - 000001421 _____ C:\Users\Moira\Desktop\AdwCleaner[C00].txt
2018-12-04 20:55 - 2018-12-04 20:55 - 000260480 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-12-04 20:50 - 2018-12-04 20:50 - 007321808 _____ (Malwarebytes) C:\Users\Moira\Desktop\adwcleaner_7.2.5.0.exe
2018-11-27 21:43 - 2018-11-27 21:43 - 000001143 _____ C:\Users\Public\Desktop\Avira.lnk
2018-11-25 18:44 - 2018-11-25 18:44 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-25 18:44 - 2018-11-25 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-25 18:44 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-11-21 20:01 - 2018-11-21 20:00 - 000378584 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-11-15 18:42 - 2018-11-15 18:42 - 000387131 _____ C:\Users\Moira\Desktop\Mam and Annie from Wilma Tait on Facebook.htm
2018-11-15 18:17 - 2018-11-15 18:17 - 000026112 _____ C:\Users\Moira\Desktop\FW Young Leader Training Mission 1.msg
2018-11-14 19:18 - 2018-10-18 02:48 - 025737728 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-11-14 19:18 - 2018-10-18 02:17 - 020281344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-11-14 19:17 - 2018-10-25 00:54 - 000151552 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2018-11-14 19:17 - 2018-10-25 00:51 - 000121344 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2018-11-14 19:17 - 2018-10-25 00:46 - 000205824 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2018-11-14 19:17 - 2018-10-25 00:45 - 000168448 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2018-11-14 19:17 - 2018-10-16 03:46 - 007371720 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-11-14 19:17 - 2018-10-16 03:39 - 002171800 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2018-11-14 19:17 - 2018-10-16 03:39 - 001662504 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2018-11-14 19:17 - 2018-10-16 03:39 - 001063368 _____ (Microsoft Corporation) C:\windows\system32\WinTypes.dll
2018-11-14 19:17 - 2018-10-16 03:18 - 001137472 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-11-14 19:17 - 2018-10-16 03:02 - 001563584 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2018-11-14 19:17 - 2018-10-16 03:02 - 001214920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2018-11-14 19:17 - 2018-10-12 20:35 - 000862208 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-11-14 19:17 - 2018-10-12 20:26 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-11-14 19:17 - 2018-10-12 20:25 - 000189440 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2018-11-14 19:17 - 2018-10-12 20:22 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-11-14 19:17 - 2018-10-12 20:17 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-11-14 19:17 - 2018-10-12 20:16 - 000148992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2018-11-14 19:17 - 2018-10-12 20:16 - 000131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2018-11-14 19:17 - 2018-10-12 20:03 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-11-14 19:17 - 2018-10-12 20:00 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-11-14 19:17 - 2018-10-12 19:59 - 013680640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-11-14 19:17 - 2018-10-12 19:57 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-11-14 19:17 - 2018-10-12 19:56 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-11-14 19:17 - 2018-10-12 19:51 - 000267776 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincorlib.dll
2018-11-14 19:17 - 2018-10-12 19:47 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-11-14 19:17 - 2018-10-12 19:42 - 004386816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-11-14 19:17 - 2018-10-12 19:38 - 001330176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-11-14 19:17 - 2018-10-12 19:36 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-11-14 19:17 - 2018-10-12 02:16 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\dispex.dll
2018-11-14 19:17 - 2018-10-12 02:12 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-11-14 19:17 - 2018-10-12 02:10 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-11-14 19:17 - 2018-10-12 02:10 - 000235520 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2018-11-14 19:17 - 2018-10-12 02:01 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-11-14 19:17 - 2018-10-12 01:59 - 005779456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-11-14 19:17 - 2018-10-12 01:59 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-11-14 19:17 - 2018-10-12 01:58 - 000172032 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2018-11-14 19:17 - 2018-10-12 01:58 - 000158720 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2018-11-14 19:17 - 2018-10-12 01:35 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-11-14 19:17 - 2018-10-12 01:30 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-11-14 19:17 - 2018-10-12 01:27 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-11-14 19:17 - 2018-10-12 01:27 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-11-14 19:17 - 2018-10-12 01:25 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-11-14 19:17 - 2018-10-12 01:19 - 004859904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-11-14 19:17 - 2018-10-12 01:17 - 000809984 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2018-11-14 19:17 - 2018-10-12 01:12 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-11-14 19:17 - 2018-10-12 01:06 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-11-14 19:17 - 2018-10-12 00:55 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-11-14 19:17 - 2018-10-06 18:14 - 001547192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-11-14 19:17 - 2018-10-06 18:14 - 000388536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2018-11-14 19:17 - 2018-10-06 18:04 - 001308976 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-11-14 19:17 - 2018-10-06 18:03 - 000356288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2018-11-14 19:17 - 2018-10-06 16:48 - 004168192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-11-14 19:17 - 2018-10-06 15:41 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2018-11-14 19:17 - 2018-10-06 15:34 - 002175488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2018-11-14 19:17 - 2018-10-06 15:32 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-11-14 19:17 - 2018-09-28 13:38 - 000031232 _____ (Microsoft Corporation) C:\windows\system32\msisip.dll
2018-11-14 19:17 - 2018-09-28 13:34 - 000025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msisip.dll
2018-11-14 19:17 - 2018-09-23 16:47 - 000337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2018-11-14 19:17 - 2018-09-23 16:45 - 000468992 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2018-11-14 19:17 - 2018-09-23 16:45 - 000248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2018-11-14 19:17 - 2018-09-23 16:37 - 000774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2018-11-14 19:17 - 2018-09-23 16:24 - 003631616 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2018-11-14 19:17 - 2018-09-23 16:23 - 000391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2018-11-14 19:17 - 2018-09-23 16:23 - 000272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 19:17 - 2018-09-23 16:20 - 002750464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2018-11-14 19:17 - 2018-09-23 16:17 - 000699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2018-11-14 19:17 - 2018-09-23 16:00 - 000200192 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2018-11-14 19:17 - 2018-09-23 16:00 - 000133120 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2018-11-14 19:17 - 2018-09-23 15:58 - 000904192 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2018-11-14 19:17 - 2018-09-23 15:56 - 002551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2018-11-14 19:17 - 2018-09-23 15:53 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2018-11-14 19:17 - 2018-09-23 15:51 - 001920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2018-11-14 19:17 - 2018-09-23 15:50 - 000709632 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2018-11-14 19:17 - 2018-09-12 18:30 - 000137008 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2018-11-14 19:17 - 2018-09-11 15:30 - 003718144 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2018-11-14 19:17 - 2018-08-26 03:38 - 001200640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2018-11-14 19:17 - 2018-08-26 03:38 - 000323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2018-11-14 19:17 - 2018-08-26 03:21 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2018-11-14 19:17 - 2018-08-26 03:21 - 000200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2018-11-14 19:17 - 2018-08-26 01:45 - 000513448 _____ C:\windows\SysWOW64\locale.nls
2018-11-14 19:17 - 2018-08-26 01:45 - 000513448 _____ C:\windows\system32\locale.nls
2018-11-14 19:17 - 2018-08-21 13:39 - 000435200 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-11-14 19:17 - 2018-08-21 13:35 - 000358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-11-14 19:17 - 2018-08-19 16:22 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-11-14 19:17 - 2018-08-19 15:52 - 001436672 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-11-14 19:17 - 2018-08-19 15:43 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 21:06 - 2018-03-14 16:45 - 000000000 ____D C:\Users\Moira\Desktop\FRST-OlderVersion
2018-12-04 21:06 - 2017-05-09 11:27 - 000000000 ____D C:\FRST
2018-12-04 21:02 - 2014-06-28 16:50 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1456974907-2201685202-3690727835-1002
2018-12-04 21:00 - 2014-06-28 16:49 - 000000000 ___DO C:\Users\Moira\SkyDrive
2018-12-04 20:55 - 2013-08-22 14:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-12-04 20:54 - 2013-08-22 13:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-12-04 20:53 - 2014-03-05 17:32 - 000039424 _____ C:\windows\system32\VfService.trf
2018-12-04 20:52 - 2018-03-22 23:07 - 000000000 ____D C:\AdwCleaner
2018-12-04 20:47 - 2014-06-28 17:18 - 000003762 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E25012D7-3390-47E0-B0A1-D80A2DD8C2A5}
2018-12-04 20:38 - 2014-06-29 19:46 - 000000000 ____D C:\Users\Moira\Documents\Outlook Files
2018-12-04 20:30 - 2016-03-21 17:48 - 000000000 ____D C:\Users\Moira\AppData\Local\92202143-C807-4E07-B38A-BC6C26A6A17B.aplzod
2018-12-03 22:08 - 2014-08-24 21:44 - 000000000 ____D C:\Users\Moira\AppData\Local\CrashDumps
2018-12-03 18:13 - 2017-10-04 11:24 - 000003162 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1456974907-2201685202-3690727835-1002
2018-12-03 18:13 - 2017-10-03 21:10 - 000002347 _____ C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-12-03 18:03 - 2015-11-13 18:03 - 000000260 _____ C:\windows\Tasks\Epson Printer Software Downloader.job
2018-11-27 21:43 - 2017-09-28 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-11-27 21:43 - 2014-03-05 16:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-26 18:46 - 2018-09-09 13:23 - 000239840 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-11-25 18:43 - 2017-05-19 11:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-25 18:43 - 2015-08-23 20:18 - 003386368 ___SH C:\Users\Moira\Desktop\Thumbs.db
2018-11-25 18:43 - 2013-08-22 13:36 - 000000000 ____D C:\windows\Inf
2018-11-25 16:59 - 2017-09-28 19:41 - 000000000 ____D C:\Program Files\CCleaner
2018-11-22 21:54 - 2013-08-22 15:20 - 000000000 ____D C:\windows\CbsTemp
2018-11-21 20:02 - 2018-09-09 13:24 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-11-21 20:00 - 2018-09-09 13:23 - 000469272 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-11-21 20:00 - 2018-09-09 13:23 - 000380464 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-11-21 20:00 - 2018-09-09 13:23 - 000208472 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-11-21 20:00 - 2018-09-09 13:23 - 000201240 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-11-21 20:00 - 2018-09-09 13:23 - 000163208 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-11-21 20:00 - 2018-09-09 13:23 - 000111800 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-11-21 20:00 - 2018-09-09 13:23 - 000087432 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-11-21 20:00 - 2018-09-09 13:23 - 000046384 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-11-21 19:59 - 2018-10-29 20:42 - 000042288 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2018-11-21 19:59 - 2018-09-09 13:23 - 001028680 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-11-21 19:58 - 2018-09-09 13:23 - 000346592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-11-21 19:58 - 2018-09-09 13:23 - 000230344 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-11-21 19:58 - 2018-09-09 13:23 - 000201768 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-11-21 19:58 - 2018-09-09 13:23 - 000059496 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-11-20 15:17 - 2013-08-22 14:44 - 000507968 _____ C:\windows\system32\FNTCACHE.DAT
2018-11-16 21:29 - 2018-10-12 19:32 - 000834960 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-11-16 21:29 - 2018-10-12 19:32 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 19:12 - 2014-06-29 22:08 - 000000000 ____D C:\windows\system32\MRT
2018-11-16 18:50 - 2014-06-29 22:08 - 137810048 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-11-13 17:39 - 2015-05-02 19:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-02 19:15

==================== End of FRST.txt ============================

And Addition:
dditional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by Moira (04-12-2018 21:09:08)
Running from C:\Users\Moira\Desktop\FRST-OlderVersion
Windows 8.1 (Update) (X64) (2014-06-28 16:43:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1456974907-2201685202-3690727835-500 - Administrator - Disabled)
Guest (S-1-5-21-1456974907-2201685202-3690727835-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1456974907-2201685202-3690727835-1004 - Limited - Enabled)
Moira (S-1-5-21-1456974907-2201685202-3690727835-1002 - Administrator - Enabled) => C:\Users\Moira

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{4FA5FECF-B537-2B14-1CA8-F6C9A5053281}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avira (HKLM-x32\...\{76fe45e1-e9bc-4194-b7da-2e48aa3d685a}) (Version: 1.2.124.25995 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{CD8E6EDB-A5F2-48C0-A5C0-AFAB152F59D6}) (Version: 1.2.124.25995 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.43.24 - Avira Operations GmbH & Co. KG)
bNet - Banff and Buchan College Extranet (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\d1a34ed3906cf569) (Version: 1.0.0.458 - Banff and Buchan College)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version: 3.2 - Acro Software Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DolbyGUI (HKLM\...\DolbyGUI) (Version: - Conexant Systems)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
Epson Printer Software Downloader (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}) (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - )
EPSON PX710W Series Printer Uninstall (HKLM\...\EPSON PX710W Series) (Version: - SEIKO EPSON Corporation)
EPSON PX730 Series Printer Uninstall (HKLM\...\EPSON PX730 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual (HKLM-x32\...\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW User’s Guide) (Version: - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1b - SEIKO EPSON CORPORATION)
Excel Password Recovery Master 4.1 (HKLM-x32\...\Excel Password Recovery Master_is1) (Version: - )
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)
HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
iCloud (HKLM\...\{5BD11939-D2C2-4F1B-AAAF-5ECE19A801F7}) (Version: 7.4.0.111 - Apple Inc.)
iTunes (HKLM\...\{20308529-E7D5-4F32-BE0F-1D63B4EB6B87}) (Version: 12.7.4.80 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LUMIX Simple Viewer (HKLM-x32\...\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}) (Version: 0.99.0000 - Panasonic)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-18] (Nitro PDF)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-03-18] (Apple Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-10-28] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-09-25] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-10-14] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-10-28] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04DC1984-84CC-42E1-8119-86D01CC400FA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-10] (AVAST Software)
Task: {25E0D406-13E4-4511-8D30-4F1B7C7F70AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {2897DC6D-7984-43A3-890B-12B6A001C687} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {32A7CA83-9E78-4AAA-BCD4-AA994DA34322} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {6B191D77-C7DC-433B-AFAC-D4AA887EDB44} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {722F3F33-EA9C-416B-B13C-28D36698E392} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {78B850AD-18AC-458D-B8EA-BA3C31463242} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {7DB51543-5CFD-48F1-8A8B-01D780A3C29D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {9329110C-8C3B-4849-B2C9-35DF35D909FD} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A6EFE9C2-6CDC-4732-9660-A47B89504875} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-11-12] (Avira Operations GmbH & Co. KG)
Task: {B82DAB28-E023-432F-907A-0C2F26D4936D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {BDE7BF74-2BBB-4D33-90D0-C046FC5BC787} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Ltd)
Task: {C74A2790-EFF7-47C3-B275-52F8B6EF126E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {DB9C8BBD-CD10-4715-8BEE-BDA4D13FE972} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {E34146E1-F57C-49F2-BD53-C23CFEB334D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2018-11-16] (Microsoft Corporation)
Task: {E84DBC2A-5CD0-45B8-8DE0-45CDE329A240} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {F348FAAF-CD8B-457E-926D-BAAFB1AC9B70} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-21] (AVAST Software)
Task: {FB56A106-3042-4A41-B126-AD56EC20AD46} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-05-08] (Maxthon International ltd.)
Task: {FBA26617-EF82-4EF8-9B7A-27F965CF7D80} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-15 15:28 - 2017-05-26 05:47 - 000090096 _____ () C:\windows\System32\cpwmon64_v32.dll
2013-10-14 13:52 - 2013-10-14 13:52 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 14:19 - 2018-03-16 14:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-05 17:19 - 2012-04-24 10:43 - 000390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-05 17:32 - 2014-03-05 17:32 - 000068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-03-05 17:32 - 2014-03-05 17:32 - 000669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2018-11-25 18:44 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-17 19:53 - 2018-10-17 19:53 - 004310312 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-25 11:04 - 2013-09-25 11:04 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 11:01 - 2013-09-25 11:01 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 11:08 - 2013-09-25 11:08 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2018-11-21 19:59 - 2018-11-21 19:59 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-21 19:59 - 2018-11-21 19:59 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-12-04 20:29 - 2018-12-04 20:29 - 005787280 _____ () C:\Program Files\AVAST Software\Avast\defs\18120404\algo.dll
2018-11-21 19:59 - 2018-11-21 19:59 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-21 19:58 - 2018-11-21 19:58 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-21 19:59 - 2018-11-21 19:59 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-08-11 21:16 - 2018-11-12 17:27 - 001205792 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-08-11 21:16 - 2018-11-12 17:27 - 000244672 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2018-09-09 13:26 - 2018-09-09 13:26 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-16 14:20 - 2018-03-16 14:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\sharepoint.com -> hxxps://nescol.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Moira\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "LUMIX Simple Viewer.lnk"
HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "Energy Management"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "RtsFT"
HKLM\...\StartupApproved\Run32: => "SmartAudio"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "EPSON PX710W Series (Copy 1)"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "HP ENVY 5640 series (NET)"
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9CD6BAC9-5E1E-460B-B19A-CA4CFF33702B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{EC8765D4-ACE4-431C-9852-6E559B935DE6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{EDA51181-D86A-4F10-BA14-A726DC599084}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{15EE89AF-2C6B-42EF-8CF1-76578C7F961F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{BFAD8286-DC36-4929-9791-C2715B8CFD25}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{4568EABD-98B7-4FE2-ACF9-77E647592867}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{065085B3-1A95-49E9-8458-5A1BD328D8F5}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{230B4B75-684E-4FCC-B743-0B66D78F94B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BC27C51-50E4-406D-A0F3-E0FE1F70F980}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EC27087-7BE9-4A88-9ECB-17A96DFB7978}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1A0BB9C5-FB0B-4CC5-8896-BD9B1C9FB4FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8215A7C1-0A5E-411E-AFBB-3A83A5B48CB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4B5BBB51-05DC-4190-AE98-371092C13688}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{964F42EC-0121-4A1A-98A2-F0C28D2E8733}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B88EFFF-BFD8-47F5-9BC6-664EC9D54A2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9969C47B-7257-4B4D-B1CD-29ABC07D492B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E2CF0262-BE1B-44EE-A170-A37AB128FD50}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{96267429-D23E-4A8E-AD9E-942726261781}C:\users\moira\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\moira\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F6902ED5-5A8D-45FC-A6C5-BC7A296955FF}C:\users\moira\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\moira\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7834204C-6804-4EEC-A6A0-02EA959EA327}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{49CF17C4-80B8-4892-B8A0-7CD1C8AE3823}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4F2E4073-FE6C-48FA-89FD-C5156B3442CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7AB8F443-7321-464C-9F91-4C12FD375BD6}] => (Allow) C:\Users\Moira\AppData\Local\Temp\7zS05FC\HPDiagnosticCoreUI.exe
FirewallRules: [{7A38A781-565D-4CA4-95E8-D9E8CF3F7414}] => (Allow) C:\Users\Moira\AppData\Local\Temp\7zS05FC\HPDiagnosticCoreUI.exe
FirewallRules: [{7FCF7ED6-082A-41F9-B6A8-BD9C3C126E67}] => (Allow) C:\Users\Moira\AppData\Local\Temp\7zS072B\HPDiagnosticCoreUI.exe
FirewallRules: [{44CE1DFC-6AAC-41A4-A772-6C6531813FE1}] => (Allow) C:\Users\Moira\AppData\Local\Temp\7zS072B\HPDiagnosticCoreUI.exe
FirewallRules: [{27EEF086-E218-40F9-ABB1-AEF34366E915}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\DeviceSetup.exe
FirewallRules: [{B3BBD611-3DD5-4CD6-8E17-4D6DE7ABE7AF}] => (Allow) LPort=5357
FirewallRules: [{7F50AAC8-63BE-481A-A717-3576AECC9209}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0A39B176-A549-4882-9B36-B8B928A6E944}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{372380F9-57D8-40A3-80B2-33E0C04923BC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{35E65B6C-3191-4B0F-9283-385E9E17BFCF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{B1CE03DB-645F-4D55-B475-870C67B92886}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{FD5B9F97-8CF4-44A2-A5D4-C57927D6E5AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

11-10-2018 21:09:39 Windows Update
16-11-2018 18:42:49 Windows Update
19-11-2018 19:25:04 Windows Update
22-11-2018 21:53:04 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2018 10:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14765

Error: (12/03/2018 10:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14765

Error: (12/03/2018 10:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2018 10:08:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91
Faulting module name: atidxx32.dll, version: 8.17.10.519, time stamp: 0x525bc8c0
Exception code: 0xc0000005
Fault offset: 0x00072e57
Faulting process id: 0x58f8
Faulting application start time: 0x01d48b4ceb656e81
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\SYSTEM32\atidxx32.dll
Report Id: ea309f6c-f747-11e8-831a-28e3478c9d9e
Faulting package full name:
Faulting package-relative application ID:

Error: (12/03/2018 08:03:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4194

Start Time: 01d48b3e6575a40b

Termination Time: 28

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 8c2c9a0e-f736-11e8-831a-28e3478c9d9e

Faulting package full name:

Faulting package-relative application ID:

Error: (12/03/2018 06:01:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5bcc

Start Time: 01d48b3173d8debe

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 689d517f-f725-11e8-831a-28e3478c9d9e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/02/2018 10:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14969

Error: (12/02/2018 10:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14969


System errors:
=============
Error: (12/04/2018 08:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
The service has not been started.

Error: (12/04/2018 08:54:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
The service has not been started.

Error: (12/04/2018 08:53:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/04/2018 08:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/04/2018 08:53:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/04/2018 08:53:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2018 08:53:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2018 08:53:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2014-08-03 22:22:02.798
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6BABCFF0-6D83-4FF0-A6AE-084FE887C323}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-09-28 19:58:37.431
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2017-09-13 12:33:05.020
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.251.876.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2017-08-09 08:07:36.937
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.787.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14003.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-08-09 08:07:36.937
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.787.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14003.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-08-09 08:07:36.718
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2017-09-23 22:50:15.401
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-23 22:50:13.604
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-23 22:50:11.820
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-23 22:50:10.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-21 16:21:21.543
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-21 16:21:19.607
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 16:25:58.825
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 16:25:57.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 7375.26 MB
Available physical RAM: 5239.86 MB
Total Virtual: 23375.26 MB
Available Virtual: 21294.49 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:892.1 GB) (Free:716.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.05 GB) NTFS

\\?\Volume{57b78abf-800a-45aa-8fb7-91c689685e05}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.63 GB) NTFS
\\?\Volume{0dbf722b-977e-40aa-b7b8-98dae241279d}\ (PBR_DRV) (Fixed) (Total:12.08 GB) (Free:3.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C575724C)

Partition: GPT.

==================== End of Addition.txt ============================
Lassie is offline  
Sponsored Links
Advertisement
 
Old 12-05-2018, 03:43 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Lassie. Not seeing anything malicious in your logs so far.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...backup-restore

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Avast and Avira.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

It could even be contributing to your problem.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Avira (HKLM-x32\...\{CD8E6EDB-A5F2-48C0-A5C0-AFAB152F59D6}) (Version: 1.2.124.25995 - Avira Operations GmbH & Co. KG) Hidden
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
    U3 aswbdisk; no ImagePath
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-05-2018, 01:44 PM   #5
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



Hi Chemist

Here is the log you requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Moira (05-12-2018 21:12:07) Run:1
Running from C:\Users\Moira\Desktop
Loaded Profiles: Moira (Available Profiles: Moira)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Avira (HKLM-x32\...\{CD8E6EDB-A5F2-48C0-A5C0-AFAB152F59D6}) (Version: 1.2.124.25995 - Avira Operations GmbH & Co. KG) Hidden
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
U3 aswbdisk; no ImagePath
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD8E6EDB-A5F2-48C0-A5C0-AFAB152F59D6}\\SystemComponent" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} => removed successfully
HKLM\Software\Classes\CLSID\{436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} => not found
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26691353 B
Java, Flash, Steam htmlcache => 4156 B
Windows/system/drivers => 8086844 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 405260 B
NetworkService => 0 B
Moira => 507601310 B

RecycleBin => 1302265 B
EmptyTemp: => 526.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-12-2018 21:32:58)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

==== End of Fixlog 21:32:59 ====

I was a little worried because after the reboot, the screen went totally black and the desktop didn't load. After several reboots, it eventually loaded.
Lassie is offline  
Old 12-05-2018, 06:17 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Lassie. Reboot again. Any trouble loading?

Did you remove Avast or Avira? Any improvement with IE?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I recommend installing Cybereason Ransom Free. I use it on all my machines.

It recently detected, and prevented, an attempted ransomware infection on one of my laptops.

Download RansomFree and save it to your desktop.

Right-click CybereasonRansomFree.msi > Install and follow the prompts to install it.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to quarantine what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-08-2018, 08:59 AM   #7
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



Hi Chemist :)

I've rebooted and so far so good. Everything loads as it should.

I totally removed Avira and have left Avast.

Cybereason Ransom Free has been downloaded and installed.

Malwarebytes has been run and here is the log (I keep getting messages that it has expired):

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/18
Scan Time: 8:08 PM
Log File: b0e5186c-f992-11e8-9ecc-28e3478c9d9e.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8199
License: Expired

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: MAR\Moira

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 273776
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 5 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 1
PUM.Optional.NoDrives, HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NODRIVES, Replaced, [13000], [293339],1.0.8199

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

ESET was launched and after finishing scanning showed that no threats were found.

IE seem to be much more stable. Should I uninstall Malwarebytes?
Lassie is offline  
Old 12-08-2018, 01:20 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Lassie. Glad to hear your issues have been addressed.

Quote:
I keep getting messages that it has expired
I'm pretty sure it just means your 14-day free trial of the Premium version has expired.

Not sure why you keep getting that message repeatedly though.

Once you decline the purchase of the Premium version, it shouldn't keep giving you an expired message.

If those messages continue, you can get help with that here:

https://support.malwarebytes.com/community/consumer

Quote:
Should I uninstall Malwarebytes?
No need to uninstall it. You can use it as an on-demand, malware scanner. I use it this way on all my machines.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go Settings > Remove AdwCleaner > Remove

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/ann...dom-of-speech/

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-us/...backup-restore

https://blogs.technet.com/b/keithmay...poftheday.aspx

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-10-2018, 12:12 PM   #9
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



Hi Chemist

I have done cleanmgr, removed AdwCleaner and pasted the code you quoted . Some sort of log has been generated and it looks as though it is this thread for some reason.... I have saved it should you require to see it.
Lassie is offline  
Old 12-10-2018, 06:06 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Strange. What is the name of the log? Can you post the contents of the log?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-11-2018, 02:18 PM   #11
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



Hi Chemist

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<html xmlns="https://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
<base href="https://www.techsupportforum.com/forums/" /><!--[if IE]></base><![endif]-->
<!-- noIndex scan clean - 10670 words detected -->
<link rel='amphtml' href='https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html?amp=1' />
<title> IE on severe go slow... - Tech Support Forum</title>

<!-- Amazon Tag Top -->
<script type='text/javascript' src='//c.amazon-adsystem.com/aax2/amzn_ads.js'></script>
<script type='text/javascript'>
try {
amznads.getAds('3274');
} catch (e) { /*ignore*/ }
</script>
<!-- /Amazon Tag Top -->
<meta name="google-site-verification" content="KR16XajjF3ymJs3qsgxoUJLJ3TBWG4U-GgNlaOOkKJA" />

<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<meta name="generator" content="vBulletin 3.8.8" />

<meta name="keywords" content="IE,on,severe,go,slow, IE on severe go slow..., tech support, computer support, windows support, computer problems, microsoft windows, windows 7, windows vista, windows xp, windows 95, problems, windows 98, win98, win2k, microsoft windows 2000, linux, hardware, software, microsoft, spyware, networking" />
<meta name="description" content="Hi there :) I came here before for help with a problem and Chemist very kindly helped me out. Basically, for the past few weeks and its been steadily getting worse, IE will run extremely slow and end" />


<!-- CSS Stylesheet -->
<link href="https://www.techsupportforum.com/forums/clientscript/vbulletin_css/style-8d6c2969-00023.css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="https://www.techsupportforum.com/forums/clientscript/vbulletin_important.css?v=388" />


<!-- / CSS Stylesheet -->
<link rel="canonical" href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#"/>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2/build/yahoo-dom-event/yahoo-dom-event.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/yui/2/build/connection/connection-min.js"></script>
<script type="text/javascript">
<!--
var SESSIONURL = "";
var SECURITYTOKEN = "guest";
var IMGDIR_MISC = "images/sk/misc";
var vb_disable_ajax = parseInt("1", 10);
// -->
</script>
<script type="text/javascript" src="https://www.techsupportforum.com/forums/clientscript/vbulletin_global.js?v=388"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script type="text/javascript">

jQuery.noConflict();

</script>

<script type="text/javascript" src="https://www.techsupportforum.com/forums/clientscript/vbulletin_menu.js?v=388"></script>


<link rel="alternate" type="application/rss+xml" title="Tech Support Forum RSS Feed" href="https://feeds.feedburner.com/VBSEO_FEEDBURNER" />

<link rel="alternate" type="application/rss+xml" title="Tech Support Forum - Virus/Trojan/Spyware Help - RSS Feed" href="https://www.techsupportforum.com/forums/external.php?type=RSS2&amp;forumids=50" />



<!--
<script type="text/javascript" src="https://www.techsupportforum.com/forums/clientscript/hoverIntent.js"></script>
<script type="text/javascript" src="https://www.techsupportforum.com/forums/clientscript/superfish.js"></script>

<script>

jQuery(document).ready(function() {
jQuery('ul.sf-menu').superfish();
});

</script>
-->

<style>
#TechSupportForum_com_300x250_TopRight_TECH_Forum {min-width:300px !important; min-height:250px !important;}
#TechSupportForum_com_300x250_TopLeft_TECH_Forum {min-width:300px !important; min-height:250px !important;}
#TechSupportForum_com_300x250_TopRightVideo_TECH_Forum {min-height:250px !important;}
</style>

<!-- REGISTRATION CODE STARTS -->

<!-- REGISTRATION CODE ENDS -->

<style>
.ams_gtsearch{min-height:20px;}
#navbar_search_menu input.gsc-input{min-width:120px; min-height:20px;}
</style>
<script type="text/javascript" src="https://www.techsupportforum.com/forums/clientscript/ame.js" ></script><script type="text/javascript" src="https://www.techsupportforum.com/forums/clientscript/ncode_imageresizer.js"></script>

<script type="text/javascript">
<!--
NcodeImageResizer.MODE = 'enlarge';
NcodeImageResizer.MAXWIDTH = 640;
NcodeImageResizer.MAXHEIGHT = 0;

NcodeImageResizer.BBURL = 'https://www.techsupportforum.com/forums';

vbphrase['ncode_imageresizer_warning_small'] = 'Click this bar to view the full image.';
vbphrase['ncode_imageresizer_warning_filesize'] = 'This image has been resized. Click this bar to view the full image.';
vbphrase['ncode_imageresizer_warning_no_filesize'] = 'This image has been resized. Click this bar to view the full image.';
vbphrase['ncode_imageresizer_warning_fullsize'] = 'Click this bar to view the small image.';
//-->
</script><script type="text/javascript">
<!--
function vba_attach_win(threadid)
{
openWindow('https://www.techsupportforum.com/forums/misc.php?do=showattachments&t=' + threadid, 480, 300);
}
-->
</script><!-- Analytics -->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-30600410-16']);
_gaq.push(['_setDomainName', '.techsupportforum.com']);
_gaq.push(['_setCustomVar',1,'grp','guest', 2]);
_gaq.push (['_gat._anonymizeIp']); _gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'https://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<!-- /Analytics -->

<script>
window.googlefc = window.googlefc || {}; googlefc.callbackQueue = googlefc.callbackQueue || [];
</script><!-- Comscore --><script type="text/javascript">
if (typeof googlefc == "object") {
googlefc.callbackQueue.push(function() {
if ( gfchelper.isAdProviderAllowed("comscore") ) {

var _comscore = _comscore || [];
_comscore.push({ c1: "2", c2: "6036030", c4: "techsupportforum.com" });
(function() {
var s = document.createElement("script"), el =
document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" :
"https://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

};
});
}
</script><!-- /Comscore -->



<!-- Video Player -->
<script type="text/javascript" src="/videoplayer/jwplayer.js?v=1407419863"></script>
<script type="text/javascript" src="/videoplayer/playerscripts.min.js.php?v=1522173927"></script>
<!-- /Video Player -->

<!-- App Indexing for Google Search -->
<link href="android-app://com.quoord.tapatalkpro.activity/tapatalk/www.techsupportforum.com/forums?location=topic&amp;fid=50&amp;tid=1233576&amp;channel=google-indexing" rel="alternate" />
<link href="ios-app://307880732/tapatalk/www.techsupportforum.com/forums?location=topic&amp;fid=50&amp;tid=1233576&amp;channel=google-indexing" rel="alternate" />

<link href="https://groups.tapatalk-cdn.com/static/manifest/manifest.json" rel="manifest">

<meta name="apple-itunes-app" content="app-id=307880732, affiliate-data=at=10lR7C, app-argument=tapatalk://www.techsupportforum.com/forums?location=topic&fid=50&tid=1233576" />

<script type="text/javascript" src="https://www.techsupportforum.com/forums/clientscript/vbulletin_post_loader.js?v=388"></script>
<style type="text/css" id="vbulletin_showthread_css">
<!--

#links div { white-space: nowrap; }
#links img { vertical-align: middle; }
-->
</style>
<!-- Taboola Header -->
<script type="text/javascript">
if (typeof googlefc == "object") {
googlefc.callbackQueue.push(function() {
if ( gfchelper.isAdProviderAllowed("taboola") ) {
window._taboola = window._taboola || [];
_taboola.push({article:"auto"});
!function (e, f, u) {
e.async = 1;
e.src = u;
f.parentNode.insertBefore(e, f);
}(document.createElement("script"),
document.getElementsByTagName("script")[0],
'//cdn.taboola.com/libtrc/verticalscope-network/loader.js');
}
});
}
</script>
<!-- /Taboola Header -->

<link rel="stylesheet" type="text/css" href="vbseo/resources/css/vbseo_buttons.css?v=a4" />
<script type="text/javascript" src="vbseo/resources/scripts/vbseo_ui.js?v=a4"></script>

<script type="text/javascript">
YAHOO.util.Event.onDOMReady(function (){
vbseoui = new vBSEO_UI();
vbseoui.page_init(Array('postbody','blogbit','content','postcontainer','vbseo_like_postbit'), Array("php",1));
});
</script>

<style>
div.ams_gtsearch { min-height:20px; }
#navbar_search_menu input.gsc-input { min-width:120px; min-height:20px; }
div.ams_gtsearch .gsc-clear-button { display: none !important }
div.ams_gtsearch input {width: auto !important;}
div.ams_gtsearch input.gsc-input[type="text"] {padding-left: 2% !important; padding-right: 2% !important; width: 95% !important;}
div.ams_gtsearch input[type="submit"] , div.ams_gtsearch input[type="button"] {width: auto !important;}
.search_side_google_short .ams_gtsearch {width: auto !important}
.search_side_google_short+table {width: 100%}
.search_side_google_short div.ams_gtsearch input.gsc-input[type="text"] {width: 120px !important;}
</style>
<script>
vsamsgtsearches=[];
</script>

<!-- AMS TAG -->

<script type='text/javascript'>
var googletag = googletag || {};
googletag.cmd = googletag.cmd || [];
(function() {
var gads = document.createElement('script');
gads.async = true;
gads.type = 'text/javascript';
var useSSL = 'https:' == document.location.protocol;
gads.src = (useSSL ? 'https:' : 'http:') + '//www.googletagservices.com/tag/js/gpt.js';
var node = document.getElementsByTagName('script')[0];
node.parentNode.insertBefore(gads, node);
})();
</script>
<script id='dfpsetup' type='text/javascript'>
googletag.cmd.push(function() {

var dfpMapping728x90 = googletag.sizeMapping()
.addSize([320, 400], [320, 50])
.addSize([320, 700], [320, 50])
.addSize([480, 200], [320, 50])
.addSize([768, 200], [728, 90])
.addSize([1024, 200], [728, 90])
.build();

var dfpMapping728x90_Top = googletag.sizeMapping()
.addSize([320, 400], [320, 50])
.addSize([320, 700], [320, 50])
.addSize([480, 200], [320, 50])
.addSize([768, 200], [[728, 90], [970, 250]])
.addSize([1024, 200], [[728, 90], [970, 250]])
.build();

googletag
.defineSlot('/1030735/TechSupportForum_com_728x90_Top_TECH_Forum', [[728, 90], [320, 50]], 'TechSupportForum_com_728x90_Top_TECH_Forum')
.defineSizeMapping(dfpMapping728x90_Top)
.addService(googletag.pubads());

googletag
.defineSlot('/1030735/TechSupportForum_com_300x250_TopLeft_TECH_Forum', [300, 250], 'TechSupportForum_com_300x250_TopLeft_TECH_Forum')
.addService(googletag.pubads());

googletag
.defineSlot('/1030735/TechSupportForum_com_300x250_TopRight_TECH_Forum', [[300, 250], [300, 600]], 'TechSupportForum_com_300x250_TopRight_TECH_Forum')
.addService(googletag.pubads());

googletag
.defineSlot('/1030735/TechSupportForum_com_728x90_Bottom_TECH_Forum', [[728, 90], [320, 50]], 'TechSupportForum_com_728x90_Bottom_TECH_Forum')
.defineSizeMapping(dfpMapping728x90)
.addService(googletag.pubads());

googletag
.defineSlot('/1030735/TechSupportForum_com_300x250_TopRightVideo_TECH_Forum', [[300, 250], [300, 600]], 'TechSupportForum_com_300x250_TopRightVideo_TECH_Forum')
.addService(googletag.pubads());

googletag
.defineSlot('/1030735/TechSupportForum_com_300x250_TopRight1_TECH_Forum', [300, 250], 'TechSupportForum_com_300x250_TopRight1_TECH_Forum')
.addService(googletag.pubads());

googletag
.defineSlot('/1030735/TechSupportForum_com_1x1_SlimCut_TECH_Forum', [1, 1], 'TechSupportForum_com_1x1_SlimCut_TECH_Forum')
.addService(googletag.pubads());

googletag
.defineSlot('/1030735/TechSupportForum_com_1x1_SharethroughPostbit_TECH_Forum', [[1, 1], 'fluid'], 'TechSupportForum_com_1x1_SharethroughPostbit_TECH_Forum')
.addService(googletag.pubads());

googletag.pubads().setTargeting("sitename", "TechSupportForum.com");
googletag.pubads().setTargeting("make", "");
googletag.pubads().setTargeting("model", "");
googletag.pubads().setTargeting("group_id", "1");
googletag.pubads().setTargeting("group_name", "TSF Unregistered / Not Logged In");
googletag.pubads().setTargeting("forum_id", "50");
googletag.pubads().setTargeting("forum_name", "Virus/Trojan/Spyware Help");
googletag.pubads().setTargeting("PageID", "1233576");
googletag.pubads().setTargeting("VS1", "0");
googletag.pubads().setTargeting("VS2", "0");
googletag.pubads().setTargeting("registered", "false");
if (typeof(ccauds) != "undefined" && typeof(ccauds.Profile.tpid) != "undefined" && ccauds.Profile.tpid != "") {
googletag.pubads().setTargeting("tpid", ccauds.Profile.tpid);
} else {
googletag.pubads().setTargeting("tpid", "0");
}

googletag.pubads().enableSingleRequest();
deployads.push(function () { deployads.gpt.enableServices() });
});
googletag.cmd.push(function() {
googletag.pubads().set("adsense_background_color", "FFFFFF");
googletag.pubads().set("adsense_border_color", "FFFFFF");
googletag.pubads().set("adsense_link_color", "014a8f");
googletag.pubads().set("adsense_text_color", "000000");
googletag.pubads().set("adsense_url_color", "014a8f");
googletag.pubads().set("google_ad_bg", "FFFFFF");
googletag.pubads().set("google_ad_border", "FFFFFF");
googletag.pubads().set("google_ad_link", "014a8f");
googletag.pubads().set("google_ad_text", "000000");
googletag.pubads().set("google_ad_url", "014a8f");
googletag.pubads().set("page_url", "https://www.techsupportforum.com/forums/showthread.php?t=1233576");
});
</script>
<!-- Amazon Tag Bottom -->
<script type='text/javascript'>
var googletag = googletag || {};
googletag.cmd = googletag.cmd || [];
try { amznads.setTargetingForGPTAsync('passback'); } catch(e) { /*ignore*/}
</script>
<!-- /Amazon Tag Bottom -->

<!-- /AMS TAG -->

<script async type="text/javascript" src="https://cdn.threadloom.com/ga/d04da43010abd747e66832032480be0c.js"></script></head>
<body onload="">

<!-- Captify -->
<script type="text/javascript">
if (typeof googlefc == "object") {
googlefc.callbackQueue.push(function() {
if ( gfchelper.isAdProviderAllowed("captify") ) {
var _captifyAnalytics = _captifyAnalytics || [];
_captifyAnalytics.push("3");
(function(){var s=document.createElement("script"),
t=document.getElementsByTagName("script")[0];s.type="text/javascript";s.async=true;
s.defer=true;s.src="//p.cpx.to/p/11003/px.js?r="+(65536*(1+Math.random())|0).
toString(16);t.parentNode.insertBefore(s,t)})();
}
});
}
</script>
<!-- /Captify -->

<!-- Fcconsent -->
<script src="https://contributor.google.com/scripts/5e763cfe1b429dfd/loader.js"></script><script>window.googlefc = window.googlefc || {}; googlefc.callbackQueue = googlefc.callbackQueue || [];</script><script src="https://fundingchoices.google.com/f/AGSKWxWU-J4z37MRts2tjjLYAZbmNxzDm5E4Ym2j6ppGE6yTN_fbYq9I5Dk5RoXNqmp5j4_d-Y1crhw="></script><iframe name="googlefcPresent" style="display: none; width: 0px; height: 0px; border: none; z-index: -1000; left: -1000px; top: -1000px;"></iframe>
<script>
var gfchelper = window.gfchelper || {
adProviders: {"appnexus":"80","comscore":"62","dfp":"229","indexexchange":"126","liveramp":"12","openx":"363","rubicon":"1029","sovrn":"2706","taboola":"86","viglink":"fc-company-5e763cfe1b429dfd-6e55e8f0536e1a25","captify":"fc-company-5e763cfe1b429dfd-1b92ece10f25f7a"},
isAdProviderAllowed: function( providerName ) {
if (!providerName || typeof googlefc === "undefined" || typeof googlefc.getConsentedProviderIds === "undefined") {
return false;
}
// get google FC Consented provider Ids for the current site
let consentedIds = googlefc.getConsentedProviderIds() || [];
// Allow only those we want and are allowed
return !!consentedIds.find( p => gfchelper.adProviders[ providerName.toLowerCase() ] && p === gfchelper.adProviders[ providerName.toLowerCase() ] );
}
};
</script>
<!-- /Fcconsent -->


<!-- Captify -->
<script type="text/javascript">
if (typeof googlefc == "object") {
googlefc.callbackQueue.push(function() {
if ( gfchelper.isAdProviderAllowed("captify") ) {
var _captifyAnalytics = _captifyAnalytics || [];
_captifyAnalytics.push("3");
(function(){var s=document.createElement("script"),
t=document.getElementsByTagName("script")[0];s.type="text/javascript";s.async=true;
s.defer=true;s.src="//p.cpx.to/p/11003/px.js?r="+(65536*(1+Math.random())|0).
toString(16);t.parentNode.insertBefore(s,t)})();
}
});
}
</script>
<!-- /Captify -->

<!-- Fcconsent -->
<script src="https://contributor.google.com/scripts/5e763cfe1b429dfd/loader.js"></script><script>window.googlefc = window.googlefc || {}; googlefc.callbackQueue = googlefc.callbackQueue || [];</script><script src="https://fundingchoices.google.com/f/AGSKWxWU-J4z37MRts2tjjLYAZbmNxzDm5E4Ym2j6ppGE6yTN_fbYq9I5Dk5RoXNqmp5j4_d-Y1crhw="></script><iframe name="googlefcPresent" style="display: none; width: 0px; height: 0px; border: none; z-index: -1000; left: -1000px; top: -1000px;"></iframe>
<script>
var gfchelper = window.gfchelper || {
adProviders: {"appnexus":"80","comscore":"62","dfp":"229","indexexchange":"126","liveramp":"12","openx":"363","rubicon":"1029","sovrn":"2706","taboola":"86","viglink":"fc-company-5e763cfe1b429dfd-6e55e8f0536e1a25","captify":"fc-company-5e763cfe1b429dfd-1b92ece10f25f7a"},
isAdProviderAllowed: function( providerName ) {
if (!providerName || typeof googlefc === "undefined" || typeof googlefc.getConsentedProviderIds === "undefined") {
return false;
}
// get google FC Consented provider Ids for the current site
let consentedIds = googlefc.getConsentedProviderIds() || [];
// Allow only those we want and are allowed
return !!consentedIds.find( p => gfchelper.adProviders[ providerName.toLowerCase() ] && p === gfchelper.adProviders[ providerName.toLowerCase() ] );
}
};
</script>
<!-- /Fcconsent -->


<div id="page_wrap">
<!-- logo -->
<div id="site_header">

<div id="in_header">


<div id="head_image">
<a href="https://www.techsupportforum.com/forums/">
<img src="/forums/clear.gif" width="170" height="80" />
</a>
</div><!-- #head_image -->

<div id="head_right">
<div class="ams-vb-hook ams-728x90_Top" style="width:100%; text-align:center;"><div id="TechSupportForum_com_728x90_Top_TECH_Forum" style="width:auto; height:auto;">
<script type="text/javascript">
googletag.cmd.push(function() { googletag.display("TechSupportForum_com_728x90_Top_TECH_Forum"); });
</script>
</div></div>
</div><!-- #head_right -->

<div class="clear"></div>

<div id="nav_wrap">
<ul class="sf-menu sf-js-enabled sf-shadow">
<li class="current"><a href="/forums/">Tech Support Forum</a>
<ul>
<li><a href="/forums/f27/">Security Center</a>
<ul>
<li><a href="/forums/f50/">Virus/Trojan/Spyware Help</a></li>
<li><a href="/forums/f112/">General Computer Security</a></li>
<li><a href="/forums/f90/">Computer Security News</a></li>
</ul>
</li>
<li><a href="/forums/f4/">Microsoft Support</a>
<ul>
<li><a href="/forums/f299/">BSOD, Crashes And Hangs</a></li>
<li><a href="/forums/f338/">Windows 10 Support</a></li>
<li><a href="/forums/f320/">Windows 8, 8.1 Support</a></li>
<li><a href="/forums/f217/">Windows 7, Vista Support</a>
<li><a href="/forums/f10/">Windows XP Support</a></li>
<!--<li><a href="/forums/f6/">Win 98 &amp; ME Support</a></li>-->
<li><a href="/forums/f8/">Windows Servers</a></li>
<li><a href="/forums/f57/">Microsoft Office Support</a></li>
<li><a href="/forums/f361/">Internet Browsers and Email</a>
<ul>
<li><a href="/forums/f56/">Internet Explorer & Edge Forum</a></li>

<li><a href="/forums/f131/">Mozilla / Firefox Browsers</a></li>

<li><a href="/forums/f120/">Other Browsers</a></li>
<li><a href="/forums/f409/">Other Windows Software</a></li>

<li><a href="/forums/f369/">Email</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="/forums/f130/">Alternative Computing</a>
<ul>
<li><a href="/forums/f64/">Linux Support</a></li>
<li><a href="/forums/f65/">Mac Support</a></li>
<li><a href="/forums/f132/">Other Operating Systems</a></li>


</ul>
</li>
<li><a href="/forums/f14/">Hardware Support</a>
<ul>
<li><a href="/forums/f273/">Overclocking</a></li>
<li><a href="/forums/f15/">Motherboards, Bios &amp; CPU</a></li>
<li><a href="/forums/f16/">Hard Drive Support</a></li>
<li><a href="/forums/f149/">Removable Media Drives</a></li>
<li><a href="/forums/f210/">RAM &amp; Power Supply</a></li>
<li><a href="/forums/f23/">Sound Cards</a></li>
<li><a href="/forums/f76/">Case Mod</a></li>
<li><a href="/forums/f19/">Driver Support</a></li>
<li><a href="/forums/f24/">Video Card Support</a></li>
<li><a href="/forums/f109/">Printer Support</a></li>
<li><a href="/forums/f108/">Laptop Support</a></li>
<li><a href="/forums/f255/">Building</a></li>
<li><a href="/forums/f25/">Other Hardware Support</a></li>
</ul>
</li>
<li><a href="/forums/f134/">Networking Forum</a>
<ul>
<li><a href="/forums/f31/">Networking Support</a></li>
<li><a href="/forums/f135/">Modems / Cable / DSL / Satellite</a></li>
<li><a href="/forums/f136/">Cabling &amp; Network Cards</a></li>
<li><a href="/forums/f137/">Protocols &amp; Routing</a></li>
<li><a href="/forums/f138/">File &amp; Application Sharing</a></li>
<li><a href="/forums/f139/">Security &amp; Firewalls</a></li>
</ul>
</li>
<li><a href="/forums/f211/">The IT Pro</a>
<ul>
<li><a href="/forums/f30/">Certification &amp; Career</a></li>
<li><a href="/forums/f433/">Computer Business</a></li>
<li><a href="/forums/f128/">Programming</a></li>
</ul>
</li>
<li><a href="/forums/f141/">Gaming Forum</a>
<ul>
<li><a href="/forums/f59/">PC Gaming Support</a></li>
<li><a href="/forums/f269/">Game Installation Support</a></li>
<li><a href="/forums/f142/">Console Gaming Support</a></li>
<li><a href="/forums/f222/">Online/Network Gaming Support</a></li>
<li><a href="/forums/f290/">Mods &amp; Maps</a></li>
<li><a href="/forums/f219/">Gaming Discussion</a></li>
</ul>
</li>
<li><a href="/forums/f165/">Design Forum</a>
<ul>
<li><a href="/forums/f49/">Web Design &amp; Dev</a></li>
<li><a href="/forums/f159/">Graphic Design/Multimedia</a></li>
<li><a href="/forums/f167/">Web Serving &amp; Management</a></li>
<li><a href="/forums/f168/">Design Discussion &amp; FAQ</a></li>
<li><a href="/forums/f185/">Website Design Counsel</a></li>
</ul>
</li>
<li><a href="/forums/f316/">Smart Devices</a>
<ul>
<li><a href="/forums/f310/">Apple iOS</a></li>
<li><a href="/forums/f312/">Android OS</a></li>
<!--<li><a href="/forums/f315/">Blackberry/RIM OS</a></li>-->
<li><a href="/forums/f311/">Palm WebOS</a></li>
<li><a href="/forums/f317/">Windows Mobile</a></li>
<li><a href="/forums/f313/">Other Mobile</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="/">Tech Support Articles</a>
<ul>
<li><a href="/category/apple/">Apple</a></li>
<li><a href="/category/certification/">Certification</a></li>
<li><a href="/category/gaming/">Gaming</a></li>
<li><a href="/category/general/">General</a></li>
<li><a href="/category/hardware/">Hardware</a></li>
<li><a href="/category/internet/">Internet</a></li>
<li><a href="/category/linux/">Linux</a></li>
<li><a href="/category/networking/">Networking</a></li>
<li><a href="/category/photography-imaging/">Photography</a></li>
<li><a href="/category/security/">Security</a></li>
<li><a href="/category/software/">Software</a></li>
<li><a href="/category/tips-tricks/">Tips &amp; Tricks</a></li>
<li><a href="/category/windows/">Windows</a></li>
</ul>
</li>

<li><a href="/forums/security-center/hijackthis-log-help/305963-new-instructions-read-before-posting-malware-removal-help.html">Spyware 1st Steps</a></li>
<li><a rel="nofollow" href="/forums/misc.php?do=sknetwork&amp;page=rules">Rules</a></li>

<li class="searchbar">
<form action="https://www.techsupportforum.com/forums/searchresults.php" id="cse-search-box" target="_top">
<input type="hidden" name="cx" value="partner-pub-7865546952023728:1689100987" />
<input type="hidden" name="cof" value="FORID:9" />
<input class="inputbox inlineimg googlesearch" type="text" name="q" size="18" size="25" />
<input type="image" src="images/sk/misc/search_button.png" class="inlineimg" name="sa" value="Go" />
</form><script type="text/javascript" src="https://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
</li>
</ul>
</div><!-- #nav_wrap -->

<div id="below_nav">
&nbsp;
</div>

</div><!-- #in_header -->

</div><!-- #site_header -->
<!-- /logo -->

<!-- content table -->
<!-- open content container -->

<div align="center">
<div class="page" style="width:100%; text-align:left">
<div style="padding:0px 25px 0px 25px" align="left">




<!-- AMS HEADER ABOVE BODY -->

<!-- AMS TOP LINK UNIT -->

<center>
<style>
.ad-300x250{ width:900px; position:relative; margin: 0px auto 15px; }
.ad-300x250 div{ position:absolute; width:300px; height:250px; top: 4px; left: 4px;overflow:hidden }

</style>
<div class="ad-300x250">

<div class="ams-vb-hook ams-300x250_TopLeft" style="width:100%; text-align:center;"><div id="TechSupportForum_com_300x250_TopLeft_TECH_Forum" style="width:auto; height:auto;">
<script type="text/javascript">
googletag.cmd.push(function() { googletag.display("TechSupportForum_com_300x250_TopLeft_TECH_Forum"); });
</script>
</div></div>

<img src="https://www.techsupportforum.com/forums/images/sk/misc/registration_bg.jpg" alt="" width="900" height="258" ism="false"/></div>
</center><p>



<!-- breadcrumb, login, pm info -->
<div class="tborder">
<table cellpadding="8" cellspacing="0" border="0" width="100%" align="center">
<tr>
<td class="alt1" width="100%">

<table cellpadding="0" cellspacing="0" border="0">
<tr valign="bottom">
<td><a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#" onclick="history.back(1); return false;"><img src="https://www.techsupportforum.com/forums/images/sk/misc/navbits_start.gif" alt="Go Back" border="0" /></a></td>
<td>&nbsp;</td>
<td width="100%"><span class="navbar"><a href="https://www.techsupportforum.com/forums/" accesskey="1">Tech Support Forum</a></span>
<span class="navbar">&gt; <a href="https://www.techsupportforum.com/forums/f27/">Security Center</a></span>


<span class="navbar">&gt; <a href="https://www.techsupportforum.com/forums/f50/">Virus/Trojan/Spyware Help</a></span>

</td>
</tr>
<tr>
<td class="navbar" style="font-size:10pt; padding-top:1px" colspan="3"><a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html"><img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/misc/navbits_finallink_ltr.gif" alt="Reload this Page" border="0" /></a> <strong>
IE on severe go slow...

</strong></td>
</tr>
</table>

</td>



<td class="alt2" nowrap="nowrap" style="padding:0px">

<!-- login form -->
<form action="https://www.techsupportforum.com/forums/login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 1)">
<table cellpadding="0" cellspacing="3" border="0">
<tr>
<td class="smallfont" style="white-space: nowrap;"><label for="navbar_username">User Name</label></td>
<td><input type="text" class="bginput" style="font-size: 11px" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="101" value="User Name" onfocus="if (this.value == 'User Name') this.value = '';" /></td>
<td class="smallfont" nowrap="nowrap"><label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" tabindex="103" id="cb_cookieuser_navbar" accesskey="c" />Remember Me?</label></td>
</tr>
<tr>
<td class="smallfont"><label for="navbar_password">Password</label></td>
<td><input type="password" class="bginput" style="font-size: 11px" name="vb_login_password" id="navbar_password" size="10" tabindex="102" /></td>
<td><input type="submit" class="button" value="Log in" tabindex="104" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile for yourself." accesskey="s" /></td>
</tr>
</table>
<input type="hidden" name="s" value="" />
<input type="hidden" name="securitytoken" value="guest" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="vb_login_md5password" />
<input type="hidden" name="vb_login_md5password_utf" />
</form>
<!-- / login form -->

</td>



</tr>
</table>
<!-- / breadcrumb, login, pm info -->

<!-- nav buttons bar -->
<div style="padding:0px; border-top-width:0px">
<table cellpadding="0" cellspacing="0" border="0" width="100%" align="center">
<tr align="center">
<td class="vbmenu_control"><a href="https://www.techsupportforum.com/forums/"></a></td>


<td id="sitemap" class="vbmenu_control"><a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#sitemap">Site Map</a> <script type="text/javascript"> vbmenu_register("sitemap"); </script></td>

<td class="vbmenu_control"><a rel="nofollow" href="https://www.techsupportforum.com/cmps_index.php?page=postinghelp">Posting Help</a></td>


<td class="vbmenu_control"><a href="https://www.techsupportforum.com/forums/register.php" onclick="evokeRegistrationPopup(event)" rel="nofollow">Register</a></td>


<td class="vbmenu_control"><a rel="nofollow" href="https://www.techsupportforum.com/forums/misc.php?do=sknetwork&amp;page=rules" accesskey="5">Rules</a></td>






<td class="vbmenu_control"><a href="https://www.techsupportforum.com/forums/search.php?do=getdaily" accesskey="2">Today's Posts</a></td>

<td id="navbar_search" class="vbmenu_control"><a href="https://www.techsupportforum.com/forums/search.php" accesskey="4" rel="nofollow">Search</a> <script type="text/javascript"> vbmenu_register("navbar_search"); </script></td>









<td class="vbmenu_control"><a href="https://www.techsupportforum.com/forums/advertise.php">Advertise</a></td>


</tr>
</table>
</div>
<!-- / nav buttons bar -->
</div>

<br />






<!-- NAVBAR POPUP MENUS -->

<!-- Site Map Menu -->
<div class="vbmenu_popup" id="sitemap_menu" style="display:none">
<table cellpadding="4" cellspacing="1" border="0">

<tr><td class="thead">Site Map</td></tr>
<tr><td class="vbmenu_option"><a href="https://www.techsupportforum.com">Home</a></tr>

<tr><td class="vbmenu_option"><a rel="nofollow" href="https://www.techsupportforum.com/forums/misc.php?do=sknetwork&amp;page=rules">Forum Rules</a></tr>

<td class="vbmenu_control"><a href="https://www.techsupportforum.com/forums/glossary.php"></a></td>



<tr><td class="vbmenu_option"><a href="https://www.techsupportforum.com/forums/members/list/">Members List</a></tr>


<tr><td class="vbmenu_option"><a href="https://www.techsupportforum.com/forums/sendmessage.php">Contact Us</a></tr>




</table>
</div>
<!-- / Site Map Menu -->


<!-- community link menu -->
<div class="vbmenu_popup" id="community_menu" style="display:none;margin-top:3px" align="left">
<table cellpadding="4" cellspacing="1" border="0">
<tr><td class="thead">Community Links</td></tr>



<tr><td class="vbmenu_option"><a href="https://www.techsupportforum.com/forums/members/albums.html">Pictures &amp; Albums </a></td></tr>



<tr><td class="vbmenu_option"><a href="https://www.techsupportforum.com/forums/members/list/">Members List</a></td></tr>

<tr><td class="vbmenu_option"><a rel="nofollow" href="https://www.techsupportforum.com/forums/usertag.php?do=statistics">User Tagging Statistics</a></td></tr>
<!--DBT_PRO_START--><tr><td class="vbmenu_option"><a rel="nofollow" href="https://www.techsupportforum.com/forums/usertag.php?do=list&amp;action=hashes">Hash Tag Subscriptions</a></td></tr><!--DBT_PRO_END-->
</table>
</div>
<!-- / community link menu -->



<!-- header quick search form -->
<div class="vbmenu_popup" id="navbar_search_menu" style="display:none;margin-top:3px" align="left">
<table cellpadding="4" cellspacing="1" border="0">
<tr>
<td class="thead">Search Forums</td>
</tr>
<tr>
<td class="vbmenu_option" title="nohilite">
<form action="https://www.techsupportforum.com/forums/search.php?do=process" method="post">
<input type="hidden" name="do" value="process" />
<input type="hidden" name="quicksearch" value="1" />
<input type="hidden" name="childforums" value="1" />
<input type="hidden" name="exactname" value="1" />
<input type="hidden" name="s" value="" />
<input type="hidden" name="securitytoken" value="guest" />
<div><input type="text" class="bginput" name="query" size="25" tabindex="1001" /><input type="submit" class="button" value="Go" tabindex="1004" /></div>
<div style="margin-top:8px">
<label for="rb_nb_sp0"><input type="radio" name="showposts" value="0" id="rb_nb_sp0" tabindex="1002" checked="checked" />Show Threads</label>
&nbsp;
<label for="rb_nb_sp1"><input type="radio" name="showposts" value="1" id="rb_nb_sp1" tabindex="1003" />Show Posts</label>
</div>
</form>
</td>
</tr>

<tr>
<td class="vbmenu_option"><a href="https://www.techsupportforum.com/forums/tags/" rel="nofollow">Tag Search</a></td>
</tr>

<tr>
<td class="vbmenu_option"><a href="https://www.techsupportforum.com/forums/search.php" accesskey="4" rel="nofollow">Advanced Search</a></td>
</tr>
<tr>
<td class='thead' align='left'>Google Search</td>
</tr>
<tr>
<td class='vbmenu_option' title='nohilite'><div class="ams_gtsearch" style="width: 250px; margin:auto;" id="cse_gtsearch_form"></div>
<script>
vsamsgtsearches.push("cse_gtsearch_form");
</script></td>
</tr>
</table>
</div>
<!-- / header quick search form -->




<!-- view posts menu -->
<div class="vbmenu_popup" id="viewposts_menu" style="display:none" align="left">
<table cellpadding="4" cellspacing="1" border="0">
<tr><td class="thead">View Posts</td></tr>
<tr><td class="vbmenu_option"><a rel="nofollow" href="https://www.techsupportforum.com/forums/search.php?do=getnew">New Posts</a></td></tr>
<tr><td class="vbmenu_option"><a rel="nofollow" href="https://www.techsupportforum.com/forums/search.php?do=finduser&amp;userid=0">Your Posts</a></td></tr>
</table>
</div>

<!-- / NAVBAR POPUP MENUS -->

<!-- PAGENAV POPUP -->

<div class="vbmenu_popup" id="pagenav_menu" style="display:none" align="left">
<table cellpadding="4" cellspacing="1" border="0">
<tr>
<td class="thead" nowrap="nowrap">Go to Page...</td>
</tr>
<tr>
<td class="vbmenu_option" title="nohilite">
<form action="https://www.techsupportforum.com/forums/" method="get" onsubmit="return this.gotopage()" id="pagenav_form">
<input type="text" class="bginput" id="pagenav_itxt" style="font-size:11px" size="4" />
<input type="button" class="button" id="pagenav_ibtn" value="Go" />
</form>
</td>
</tr>
</table>
</div>

<!-- / PAGENAV POPUP -->










<!-- forum side column -->
<!-- AMS NAVBAR BOTTOM -->



<table align="center" class="page" cellspacing="0" cellpadding="0" width="100%">
<tr valign="top">


<td valign="top">




<form method="post" action="https://www.techsupportforum.com/forums/usertag.php">
<table class="tborder" cellpadding="8" cellspacing="0" border="0" width="100%" align="center">
<thead>
<tr style="padding-top:5px;">
<td class="tcat"><a rel="nofollow" href="https://www.techsupportforum.com/forums/usertag.php?do=list&amp;action=tags&amp;t=1233576">User Tag List</a></td>
</tr>
</thead>
<tbody>


</tbody>
</table>
<input type="hidden" name="s" value="" />
<input type="hidden" name="securitytoken" value="guest" />
<input type="hidden" name="do" value="threadtag" />
<input type="hidden" name="action" value="update" />
<input type="hidden" name="threadid" value="1233576" />
</form>
<br />


<font size=1pt><h1>IE on severe go slow...</h1></font>
<p id="relevant_replacement">This is a discussion on <em>IE on severe go slow...</em> within the <b>Virus/Trojan/Spyware Help</b> forums, part of the Tech Support Forum category. Hi there :)

I came here before for help with a problem and Chemist very kindly helped me out. Basically, </p>
<br>




<a name="poststop" id="poststop"></a>

<!-- controls above postbits -->
<table cellpadding="0" cellspacing="0" border="0" width="100%" style="margin-bottom:3px">
<tr valign="bottom">

<td class="smallfont"><a href="https://www.techsupportforum.com/forums/newreply.php?do=newreply&amp;noquote=1&amp;p=7717532" rel="nofollow"><img src="https://www.techsupportforum.com/forums/images/sk/buttons_v5/reply.gif" alt="Reply" border="0" /></a></td>


</tr>
</table>
<!-- / controls above postbits -->

<!-- toolbar -->
<table class="tborder" cellpadding="8" cellspacing="0" width="100%" align="center">

<tr>
<td class="tcat" width="100%">
<div class="smallfont">

<a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#post7717730"><img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/buttons_v5/firstnew.gif" alt="View First Unread" border="0" /></a>
<a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#post7717730"><strong>View First Unread</strong></a>

&nbsp;
</div>
</td>
<td class="tcat" id="threadtools" nowrap="nowrap">
<a rel="nofollow" href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html?nojs=1#goto_threadtools" accesskey="3">Thread Tools</a>
<script type="text/javascript"> vbmenu_register("threadtools"); </script>
</td>

<td class="tcat" id="threadsearch" nowrap="nowrap">
<a rel="nofollow" href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html?nojs=1#goto_threadsearch">Search this Thread</a>
<script type="text/javascript"> vbmenu_register("threadsearch"); </script>
</td>






</tr>





</table>
<!-- / toolbar -->



<!-- end content table -->

<!-- / end content table -->





<div id="posts"><!-- AMS TOP SHOWTHREAD LINK UNIT -->
<!-- post #7717532 -->


<div id="edit7717532" style="padding:0px 0px 8px 0px">
<!-- this is not the last post shown on the page -->



<table id="post7717532" class="tborder vbseo_like_postbit" style="border:1px solid #adadad;" cellpadding="8" cellspacing="0" border="0" width="100%" align="center">
<tr>

<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-right: 0px" >
<!-- status icon and date -->
<a name="post7717532"><img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/statusicon_2/post_old.gif" alt="Old" border="0" /></a>
12-03-2018, 02:16 PM

<!-- / status icon and date -->
</td>
<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-left: 0px" align="right">
&nbsp;
#<a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#post7717532" id="postcount7717532" name="1" title="permalink"><strong>1</strong></a>

</td>

</tr>
<tr valign="top">
<td class="userarea" width="150">

<div id="postmenu_7717532">

<a rel="nofollow" class="bigusername" href="https://www.techsupportforum.com/forums/members/lassie-119157.html">Lassie</a>


</div>

<div class="smallfont">Registered Member</div>








<div class="smallfont">
&nbsp;<br />
<div>Join Date: Aug 2006</div>
<div>Location: NE Scotland</div>

<div>
Posts: 50
</div>
<div>
<b>OS</b>: Windows 8.1
</div>
<!--System Specs-->
<br />

<br />
<!--/System Specs-->





<div> </div>
</div>

</td>

<td class="alt1" id="td_post_7717532" style="border-right: 0px solid #ffffff">



<!-- icon and title -->
<div class="smallfont">


</div>
<hr size="1" style="color:#ffffff; background-color:#ffffff" />
<!-- / icon and title -->


<!-- message -->
<div id="post_message_7717532">

Hi there :)<br />
<br />
I came here before for help with a problem and Chemist very kindly helped me out. Basically, for the past few weeks and its been steadily getting worse, IE will run extremely slow and end up freezing. When I hit F5, the page seems to take forever to load.<br />
<br />
Everything seems to be up to date on here. I have to download DDS from the given link but it will not run as it says it can't run in compatability mode. <br />
<br />
<br />
<br />
Sorry, I cannot post any logs until I can get DDS to run..<img src="https://www.techsupportforum.com/images/smilies/1-confused.gif" border="0" alt="" title="1 Confused" class="inlineimg" /><!-- AMS FIRST IN POST -->
</div>
<!-- / message -->




<div class="vbseo_buttons" id="lkbtn_1.1233576.7717532">

<div class="alt2 vbseo_liked" style="display:none"></div>


</div>

<!-- Start Video -->



<!-- Start of Brightcove Player -->

<div style="display:none">

</div>

<!-- TAG START { player: "IDG.US_NET_TechSupportForums.com", owner: "IDG", for: "IDG" } -->
<div class="vdb_player vdb_5559f665e4b04a592de57cd351b6b137e4b024cd0d33d90c">
<script type='text/javascript' src="//delivery.vidible.tv/jsonp/pid=5559f665e4b04a592de57cd3/51b6b137e4b024cd0d33d90c.js"></script>
</div>
<!-- TAG END { date: 05/18/15 } -->


<!-- End of Brightcove Player -->


<!-- guests -->
<!-- End Video -->












</td>
</tr>
<tr>
<td class="userarea" width="150">
<img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/statusicon_2/user_offline.gif" alt="Lassie is offline" border="0" />






&nbsp;
</td>

<td class="alt1" align="right" style="border: 0px solid #ffffff; border-left: 0px; border-top: 0px">

<!-- controls -->



<a href="https://www.techsupportforum.com/forums/newreply.php?do=newreply&amp;p=7717532" rel="nofollow"><img src="https://www.techsupportforum.com/forums/images/sk/buttons_v5/quote.gif" alt="Reply With Quote" border="0" /></a>










<!-- / controls -->
</td>
</tr>
</table>


<!-- post 7717532 popup menu -->

<!-- / post 7717532 popup menu -->
<!--System Specs-->

<!--/System Specs--><!-- AMS BELOW 1 POST -->


</div>


<!-- / post #7717532 -->

<div id="edit_vp1" class="vs_dfp_standard_postbit_container" style="padding:0px 0px 6px 0px; ">
<table class="tborder vs_dfp_standard_postbit_ad" cellpadding="8" cellspacing="0" width="100%" align="center" style="border:1px solid #adadad;">
<tbody>
<tr>
<td class="thead" style="line-height:1.4em;" colspan="2">
<div>
<span style="float:right;font-weight:normal">
<a href="https://www.techsupportforum.com/forums/register.php" onclick="evokeRegistrationPopup(event)">Remove Advertisements</a>
</span>
</div>Sponsored Links
</td>
</tr>
<tr valign="top">
<td class="userarea" width="150px">
<div>
<a class="bigusername" style="font-size: 10pt;" href="https://www.techsupportforum.com/forums">TechSupportForum.com</a>
</div>
<div class="smallfont">Advertisement</div>
<div>&nbsp;<br></div>
</td>
<td class="alt1">
<table cellpadding="2" cellspacing="2" border="0" width="100%" align="left">
<tbody><tr> <td align="left">
<div style="width:100%; text-align:left;">

<span id="nointelliTXT">
<script type="text/javascript"><!--
google_ad_client = "ca-pub-7865546952023728";
google_ad_slot = "4896757644";
google_override_format = true;
google_ad_width = 500;
google_ad_height = 250;
google_ad_type = "text";
google_color_link = "014a8f";
google_color_url = "014a8f";
google_color_bg = "FFFFFF";

google_language = "en";
//-->
</script>
<script type="text/javascript" src="https://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
</span>

</div>
</td><td></td></tr></tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
<!-- AMS BELOW FIRST POST -->
<!-- post #7717570 -->


<div id="edit7717570" style="padding:0px 0px 8px 0px">
<!-- this is not the last post shown on the page -->



<table id="post7717570" class="tborder vbseo_like_postbit" style="border:1px solid #adadad;" cellpadding="8" cellspacing="0" border="0" width="100%" align="center">
<tr>

<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-right: 0px" >
<!-- status icon and date -->
<a name="post7717570"><img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/statusicon_2/post_old.gif" alt="Old" border="0" /></a>
12-04-2018, 04:39 AM

<!-- / status icon and date -->
</td>
<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-left: 0px" align="right">
&nbsp;
#<a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#post7717570" id="postcount7717570" name="2" title="permalink"><strong>2</strong></a>

</td>

</tr>
<tr valign="top">
<td class="userarea" width="150">

<div id="postmenu_7717570">

<a rel="nofollow" class="bigusername" href="https://www.techsupportforum.com/forums/members/chemist-190057.html"><font color=red><b>chemist</font></b></a>


</div>

<div class="smallfont">Security Team <br>Moderator, Analyst <br>Rangemaster, TSF Academy</div>




<div class="smallfont">
&nbsp;<br /><a rel="nofollow" href="https://www.techsupportforum.com/forums/members/chemist-190057.html"><img src="/attachments/customavatars/avatar190057_1.gif" width="75" height="71" alt="chemist's Avatar" border="0" /></a>
</div>
Lassie is offline  
Old 12-11-2018, 02:20 PM   #12
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



<img src="/forums/clear.gif" width="10" height="6"><br />
<img src="/forums/images/sk/misc/ms_mvp.png" alt="Microsoft Most Valuable Professional" />


<div class="smallfont">
&nbsp;<br />
<div>Join Date: Oct 2007</div>
<div>Location: Georgia</div>

<div>
Posts: 29,718
</div>
<div>
<b>OS</b>: XP/Win7/Win10
</div>
<!--System Specs-->
<br />

<br />
<!--/System Specs-->





<div> </div>
</div>

</td>

<td class="alt1" id="td_post_7717570" style="border-right: 0px solid #ffffff">



<!-- icon and title -->
<div class="smallfont">


</div>
<hr size="1" style="color:#ffffff; background-color:#ffffff" />
<!-- / icon and title -->


<!-- message -->
<div id="post_message_7717570">

Hello and Welcome to TSF. <br />
<br />
If you haven't already, please <b>Subscribe to this Thread</b> to get immediate notification of replies as soon as they are posted. To do this click <b>Thread Tools</b>, then click <b>Subscribe to this Thread</b>. Make sure it is set to <b>Instant notification by email</b>, then click <b>Add Subscription</b>.<br />
<br />
<font color="blue">Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.</font><br />
<br />
------------------------------------------------------<br />
<br />
Please download <font color="blue"><b>AdwCleaner</b></font> from <a rel="nofollow" href="https://www.bleepingcomputer.com/download/adwcleaner/" target="_blank">here</a> and save it to your desktop.<ul><li>Run <b>AdwCleaner</b> and select <b><font color="red">Scan</font></b></li>
<li>Once the Scan is done, select <b><font color="red">Clean</font></b></li>
<li>Once done it will ask to reboot, please allow the reboot.</li>
<li>On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt</li>
<li>Please copy/paste the contents of the log in your next reply.</li>
</ul>------------------------------------------------------<br />
<br />
Please download <a rel="nofollow" href="https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">Farbar Recovery Scan Tool</a> and save it to your desktop.<ul><li>Double-click <b>FRST64</b> to run it. When the tool opens click <b>Yes</b> to the disclaimer.</li>
<li>Make sure the <b>Addition.txt</b> button is ticked.</li>
<li>Press <b>Scan</b> button.</li>
<li>It will make a log (<b>FRST.txt</b>) in the same directory the tool is run. Please copy and paste it to your reply.</li>
<li>It also makes another log (<b>Addition.txt</b>). Please attach it to your reply.</li>
</ul>------------------------------------------------------<!-- AMS SECOND IN POST -->
</div>
<!-- / message -->




<div class="vbseo_buttons" id="lkbtn_1.1233576.7717570">

<div class="alt2 vbseo_liked" style="display:none"></div>


</div>






<!-- sig -->
<div>
__________________<br />
<div align="center"><font size="1"><font color="Blue">Our services are free, but you may contribute to the author of ComboFix via <a rel="nofollow" href="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8" target="_blank">PayPal</a></font></font></div><br />
<div align="center"><img src="https://www.techsupportforum.com/banners/tsf-sec.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></div><div align="center"><font size="1"><font color="blue">Proud member of</font> <a rel="nofollow" href="https://www.uniteagainstmalware.com/" target="_blank"><font color="blue">UNITE</font></a></font></div><br />
<div align="center"><font color="blue">Microsoft MVP</font> - Consumer Security 2014, 2015</div>
</div>
<!-- / sig -->






</td>
</tr>
<tr>
<td class="userarea" width="150">
<img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/statusicon_2/user_offline.gif" alt="chemist is offline" border="0" />






&nbsp;
</td>

<td class="alt1" align="right" style="border: 0px solid #ffffff; border-left: 0px; border-top: 0px">

<!-- controls -->



<a href="https://www.techsupportforum.com/forums/newreply.php?do=newreply&amp;p=7717570" rel="nofollow"><img src="https://www.techsupportforum.com/forums/images/sk/buttons_v5/quote.gif" alt="Reply With Quote" border="0" /></a>










<!-- / controls -->
</td>
</tr>
</table>


<!-- post 7717570 popup menu -->

<!-- / post 7717570 popup menu -->
<!--System Specs-->

<!--/System Specs--><!-- AMS BELOW 2 POST -->


</div>


<!-- / post #7717570 -->

<!-- post #7717640 -->


<div id="edit7717640" style="padding:0px 0px 8px 0px">
<!-- this is not the last post shown on the page -->



<table id="post7717640" class="tborder vbseo_like_postbit" style="border:1px solid #adadad;" cellpadding="8" cellspacing="0" border="0" width="100%" align="center">
<tr>

<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-right: 0px" >
<!-- status icon and date -->
<a name="post7717640"><img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/statusicon_2/post_old.gif" alt="Old" border="0" /></a>
12-04-2018, 02:17 PM

<!-- / status icon and date -->
</td>
<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-left: 0px" align="right">
&nbsp;
#<a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#post7717640" id="postcount7717640" name="3" title="permalink"><strong>3</strong></a>

</td>

</tr>
<tr valign="top">
<td class="userarea" width="150">

<div id="postmenu_7717640">

<a rel="nofollow" class="bigusername" href="https://www.techsupportforum.com/forums/members/lassie-119157.html">Lassie</a>


</div>

<div class="smallfont">Registered Member</div>








<div class="smallfont">
&nbsp;<br />
<div>Join Date: Aug 2006</div>
<div>Location: NE Scotland</div>

<div>
Posts: 50
</div>
<div>
<b>OS</b>: Windows 8.1
</div>
<!--System Specs-->
<br />

<br />
<!--/System Specs-->





<div> </div>
</div>

</td>

<td class="alt1" id="td_post_7717640" style="border-right: 0px solid #ffffff">



<!-- icon and title -->
<div class="smallfont">


</div>
<hr size="1" style="color:#ffffff; background-color:#ffffff" />
<!-- / icon and title -->


<!-- message -->
<div id="post_message_7717640">

Hi Chemist :)<br />
<br />
Here is the log from AdwCleaner:<br />
<br />
# -------------------------------<br />
# Malwarebytes AdwCleaner 7.2.4.0<br />
# -------------------------------<br />
# Build: 09-25-2018<br />
# Database: 2018-12-03.1 (Cloud)<br />
# Support: <a rel="nofollow" href="https://www.malwarebytes.com/support" target="_blank">https://www.malwarebytes.com/support</a><br />
#<br />
# -------------------------------<br />
# Mode: Clean<br />
# -------------------------------<br />
# Start: 12-04-2018<br />
# Duration: 00:00:06<br />
# OS: Windows 8.1<br />
# Cleaned: 1<br />
# Failed: 0<br />
<br />
<br />
***** [ Services ] *****<br />
<br />
No malicious services cleaned.<br />
<br />
***** [ Folders ] *****<br />
<br />
No malicious folders cleaned.<br />
<br />
***** [ Files ] *****<br />
<br />
No malicious files cleaned.<br />
<br />
***** [ DLL ] *****<br />
<br />
No malicious DLLs cleaned.<br />
<br />
***** [ WMI ] *****<br />
<br />
No malicious WMI cleaned.<br />
<br />
***** [ Shortcuts ] *****<br />
<br />
No malicious shortcuts cleaned.<br />
<br />
***** [ Tasks ] *****<br />
<br />
No malicious tasks cleaned.<br />
<br />
***** [ Registry ] *****<br />
<br />
No malicious registry entries cleaned.<br />
<br />
***** [ Chromium (and derivatives) ] *****<br />
<br />
No malicious Chromium entries cleaned.<br />
<br />
***** [ Chromium URLs ] *****<br />
<br />
Deleted Ask Jeeves<br />
<br />
***** [ Firefox (and derivatives) ] *****<br />
<br />
No malicious Firefox entries cleaned.<br />
<br />
***** [ Firefox URLs ] *****<br />
<br />
No malicious Firefox URLs cleaned.<br />
<br />
<br />
*************************<br />
<br />
[+] Delete Tracing Keys<br />
[+] Reset Winsock<br />
<br />
*************************<br />
<br />
AdwCleaner[S00].txt - [1255 octets] - [04/12/2018 20:52:31]<br />
<br />
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########<br />
<br />
<br />
Logs from FRST64:<br />
<br />
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01<br />
Ran by Moira (administrator) on MAR (04-12-2018 21<img src="https://www.techsupportforum.com/images/smilies/06.png" border="0" alt="" title="06" class="inlineimg" />44)<br />
Running from C:\Users\Moira\Desktop\FRST-OlderVersion<br />
Loaded Profiles: Moira (Available Profiles: Moira)<br />
Platform: Windows 8.1 (Update) (X64) Language: English (United States)<br />
Internet Explorer Version 11 (Default browser: IE)<br />
Boot Mode: Normal<br />
Tutorial for Farbar Recovery Scan Tool: <a rel="nofollow" href="https://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a><br />
<br />
==================== Processes (Whitelisted) =================<br />
<br />
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)<br />
<br />
(AMD) C:\windows\System32\atiesrxx.exe<br />
(AMD) C:\windows\System32\atieclxx.exe<br />
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe<br />
(Avira Operations GmbH &amp; Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe<br />
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe<br />
(Avira Operations GmbH &amp; Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe<br />
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe<br />
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe<br />
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe<br />
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe<br />
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE<br />
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE<br />
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE<br />
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE<br />
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe<br />
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe<br />
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE<br />
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe<br />
(Conexant Systems, Inc.) C:\windows\SysWOW64\SASrv.exe<br />
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe<br />
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe<br />
(Avira Operations GmbH &amp; Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe<br />
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe<br />
(Avira Operations GmbH &amp; Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe<br />
(Microsoft Corporation) C:\windows\System32\dllhost.exe<br />
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe<br />
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe<br />
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe<br />
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe<br />
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe<br />
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe<br />
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe<br />
(Realtek semiconductor) C:\windows\RTFTrack.exe<br />
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe<br />
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe<br />
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe<br />
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe<br />
(Avira Operations GmbH &amp; Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe<br />
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe<br />
(Avira Operations GmbH &amp; Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe<br />
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe<br />
<br />
==================== Registry (Whitelisted) ===========================<br />
<br />
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)<br />
<br />
HKLM\...\Run: [ETDCtrl] =&gt; C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)<br />
HKLM\...\Run: [RtsFT] =&gt; C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)<br />
HKLM\...\Run: [Energy Management] =&gt; C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-05] (Lenovo (Beijing) Limited)<br />
HKLM\...\Run: [EnergyUtility] =&gt; C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-05] (Lenovo(beijing) Limited)<br />
HKLM\...\Run: [iTunesHelper] =&gt; C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)<br />
HKLM\...\Run: [AvastUI.exe] =&gt; C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-21] (AVAST Software)<br />
HKLM-x32\...\Run: [StartCCC] =&gt; C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-14] (Advanced Micro Devices, Inc.)<br />
HKLM-x32\...\Run: [UpdateP2GShortCut] =&gt; C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)<br />
HKLM-x32\...\Run: [EEventManager] =&gt; C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)<br />
HKLM-x32\...\Run: [Avira SystrayStartTrigger] =&gt; C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-11-20] (Avira Operations GmbH &amp; Co. KG)<br />
HKLM\...\Policies\Explorer\Run: [BtvStack] =&gt; C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Amazon Music] =&gt; C:\Users\Moira\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudServices] =&gt; C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-03-18] (Apple Inc.)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [AppleIEDAV] =&gt; C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-03-18] (Apple Inc.)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudDrive] =&gt; C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-03-18] (Apple Inc.)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudPhotos] =&gt; C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-03-18] (Apple Inc.)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify Web Helper] =&gt; C:\Users\Moira\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-19] (Spotify Ltd)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify] =&gt; C:\Users\Moira\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-19] (Spotify Ltd)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [EPSON PX710W Series (Copy 1)] =&gt; C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [HP ENVY 5640 series (NET)] =&gt; C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [CCleaner Smart Cleaning] =&gt; C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-11-06] (Piriform Ltd)<br />
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-11-03]<br />
ShortcutTarget: Adobe Gamma Loader.lnk -&gt; C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)<br />
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2017-04-28]<br />
ShortcutTarget: LUMIX Simple Viewer.lnk -&gt; C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)<br />
<br />
==================== Internet (Whitelisted) ====================<br />
<br />
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)<br />
<br />
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254<br />
Tcpip\..\Interfaces\{A9DE8BD5-9B88-4508-AE95-560D23A7CE19}: [DhcpNameServer] 192.168.1.254<br />
<br />
Internet Explorer:<br />
==================<br />
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about<b></b>:blank<br />
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about<b></b>:blank<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/<br />
SearchScopes: HKLM -&gt; {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <br />
SearchScopes: HKLM-x32 -&gt; {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <br />
SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -&gt; {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL = <br />
BHO: Groove GFS Browser Helper -&gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -&gt; C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)<br />
BHO: Office Document Cache Handler -&gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} -&gt; C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)<br />
BHO-x32: Groove GFS Browser Helper -&gt; {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -&gt; C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)<br />
BHO-x32: Office Document Cache Handler -&gt; {B4F3A835-0E21-4959-BA22-42B3008E02FF} -&gt; C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)<br />
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab<br />
DPF: HKLM-x32 {F0DDF1F8-0CAD-4A90-9F15-41D22234A4EA} hxxps://lloydslink.online.lloydsbank.com/thinlink/cabfiles/tcalnk32.cab<br />
<br />
FireFox:<br />
========<br />
FF ProfilePath: C:\Users\Moira\AppData\Roaming\Mozilla\Firefox\Profiles\CHXLMILb.default [2017-09-28]<br />
FF Plugin: @<a rel="nofollow" href="https://www.techsupportforum.com/forums/members/microsoft-69390.html" target="_blank">microsoft</a>.com/NpCtrl,version=1.0 -&gt; c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)<br />
FF Plugin: @<a rel="nofollow" href="https://www.techsupportforum.com/forums/members/microsoft-69390.html" target="_blank">microsoft</a>.com/OfficeAuthz,version=14.0 -&gt; C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)<br />
FF Plugin-x32: @<a rel="nofollow" href="https://www.techsupportforum.com/forums/members/microsoft-69390.html" target="_blank">microsoft</a>.com/NpCtrl,version=1.0 -&gt; c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)<br />
FF Plugin-x32: @<a rel="nofollow" href="https://www.techsupportforum.com/forums/members/microsoft-69390.html" target="_blank">microsoft</a>.com/OfficeAuthz,version=14.0 -&gt; C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)<br />
FF Plugin-x32: @<a rel="nofollow" href="https://www.techsupportforum.com/forums/members/microsoft-69390.html" target="_blank">microsoft</a>.com/SharePoint,version=14.0 -&gt; C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)<br />
FF Plugin-x32: @<a rel="nofollow" href="https://www.techsupportforum.com/forums/members/nitro-2220.html" target="_blank">Nitro</a>pdf.com/NitroPDF -&gt; C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)<br />
FF Plugin-x32: Adobe Reader -&gt; C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)<br />
<br />
Chrome: <br />
=======<br />
CHR Profile: C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]<br />
CHR Extension: (Google Slides) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-28]<br />
CHR Extension: (Docs) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-28]<br />
CHR Extension: (Google Drive) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-28]<br />
CHR Extension: (YouTube) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-28]<br />
CHR Extension: (Google Docs Offline) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-28]<br />
CHR Extension: (Chrome Web Store Payments) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-28]<br />
CHR Extension: (Gmail) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-28]<br />
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx<br />
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx<br />
<br />
==================== Services (Whitelisted) ====================<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)<br />
<br />
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-14] (Advanced Micro Devices, Inc.) [File not signed]<br />
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [891472 2018-11-12] (Avira Operations GmbH &amp; Co. KG)<br />
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [248312 2018-11-12] (Avira Operations GmbH &amp; Co. KG)<br />
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [248312 2018-11-12] (Avira Operations GmbH &amp; Co. KG)<br />
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1162120 2018-11-12] (Avira Operations GmbH &amp; Co. KG)<br />
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)<br />
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-21] (AVAST Software)<br />
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]<br />
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-21] (AVAST Software)<br />
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2018-11-20] (Avira Operations GmbH &amp; Co. KG)<br />
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)<br />
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)<br />
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)<br />
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)<br />
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()<br />
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-05] ()<br />
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)<br />
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)<br />
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]<br />
<br />
===================== Drivers (Whitelisted) ======================<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)<br />
<br />
R2 APXACC; C:\windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)<br />
S3 aswArPot; C:\windows\System32\drivers\aswArPot.sys [201240 2018-11-21] (AVAST Software)<br />
S3 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-21] (AVAST Software)<br />
S3 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201768 2018-11-21] (AVAST Software)<br />
S3 aswblog; C:\windows\System32\drivers\aswbloga.sys [346592 2018-11-21] (AVAST Software)<br />
S3 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59496 2018-11-21] (AVAST Software)<br />
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)<br />
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46384 2018-11-21] (AVAST Software)<br />
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42288 2018-11-21] (AVAST Software)<br />
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [163208 2018-11-21] (AVAST Software)<br />
S3 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111800 2018-11-21] (AVAST Software)<br />
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [87432 2018-11-21] (AVAST Software)<br />
S3 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1028680 2018-11-21] (AVAST Software)<br />
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469272 2018-11-21] (AVAST Software)<br />
S3 aswStm; C:\windows\System32\drivers\aswStm.sys [208472 2018-11-21] (AVAST Software)<br />
S3 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380464 2018-11-21] (AVAST Software)<br />
R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)<br />
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)<br />
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [69656 2018-08-11] (Avira Operations GmbH &amp; Co. KG)<br />
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [179376 2018-07-10] (Avira Operations GmbH &amp; Co. KG)<br />
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-07-10] (Avira Operations GmbH &amp; Co. KG)<br />
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-09-14] (Avira Operations GmbH &amp; Co. KG)<br />
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-09-14] (Avira Operations GmbH &amp; Co. KG)<br />
R0 avusbflt; C:\windows\System32\Drivers\avusbflt.sys [38048 2017-09-14] (Avira Operations GmbH &amp; Co. KG)<br />
R3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)<br />
S0 HpSAMD; C:\windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] () [File not signed]<br />
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-04] (Malwarebytes)<br />
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)<br />
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)<br />
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)<br />
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)<br />
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)<br />
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (&quot;CyberLink)<br />
U3 aswbdisk; no ImagePath<br />
<br />
==================== NetSvcs (Whitelisted) ===================<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)<br />
<br />
<br />
==================== One Month Created files and folders ========<br />
<br />
(If an entry is included in the fixlist, the file/folder will be moved.)<br />
<br />
2018-12-04 21:02 - 2018-12-04 21:03 - 002417152 _____ (Farbar) C:\Users\Moira\Desktop\FRST64.exe<br />
2018-12-04 21:00 - 2018-12-04 21:00 - 000001421 _____ C:\Users\Moira\Desktop\AdwCleaner[C00].txt<br />
2018-12-04 20:55 - 2018-12-04 20:55 - 000260480 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys<br />
2018-12-04 20:50 - 2018-12-04 20:50 - 007321808 _____ (Malwarebytes) C:\Users\Moira\Desktop\adwcleaner_7.2.5.0.exe<br />
2018-11-27 21:43 - 2018-11-27 21:43 - 000001143 _____ C:\Users\Public\Desktop\Avira.lnk<br />
2018-11-25 18:44 - 2018-11-25 18:44 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk<br />
2018-11-25 18:44 - 2018-11-25 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes<br />
2018-11-25 18:44 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys<br />
2018-11-21 20:01 - 2018-11-21 20:00 - 000378584 _____ (AVAST Software) C:\windows\system32\aswBoot.exe<br />
2018-11-15 18:42 - 2018-11-15 18:42 - 000387131 _____ C:\Users\Moira\Desktop\Mam and Annie from Wilma Tait on Facebook.htm<br />
2018-11-15 18:17 - 2018-11-15 18:17 - 000026112 _____ C:\Users\Moira\Desktop\FW Young Leader Training Mission 1.msg<br />
2018-11-14 19:18 - 2018-10-18 02:48 - 025737728 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll<br />
2018-11-14 19:18 - 2018-10-18 02:17 - 020281344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll<br />
2018-11-14 19:17 - 2018-10-25 00:54 - 000151552 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx<br />
2018-11-14 19:17 - 2018-10-25 00:51 - 000121344 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx<br />
2018-11-14 19:17 - 2018-10-25 00:46 - 000205824 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll<br />
2018-11-14 19:17 - 2018-10-25 00:45 - 000168448 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll<br />
2018-11-14 19:17 - 2018-10-16 03:46 - 007371720 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe<br />
2018-11-14 19:17 - 2018-10-16 03:39 - 002171800 _____ (Microsoft Corporation) C:\windows\system32\combase.dll<br />
2018-11-14 19:17 - 2018-10-16 03:39 - 001662504 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll<br />
2018-11-14 19:17 - 2018-10-16 03:39 - 001063368 _____ (Microsoft Corporation) C:\windows\system32\WinTypes.dll<br />
2018-11-14 19:17 - 2018-10-16 03:18 - 001137472 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll<br />
2018-11-14 19:17 - 2018-10-16 03:02 - 001563584 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll<br />
2018-11-14 19:17 - 2018-10-16 03:02 - 001214920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll<br />
2018-11-14 19:17 - 2018-10-12 20:35 - 000862208 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll<br />
2018-11-14 19:17 - 2018-10-12 20:26 - 000498176 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll<br />
2018-11-14 19:17 - 2018-10-12 20:25 - 000189440 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll<br />
2018-11-14 19:17 - 2018-10-12 20:22 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll<br />
2018-11-14 19:17 - 2018-10-12 20:17 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll<br />
2018-11-14 19:17 - 2018-10-12 20:16 - 000148992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe<br />
2018-11-14 19:17 - 2018-10-12 20:16 - 000131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe<br />
2018-11-14 19:17 - 2018-10-12 20:03 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll<br />
2018-11-14 19:17 - 2018-10-12 20:00 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll<br />
2018-11-14 19:17 - 2018-10-12 19:59 - 013680640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll<br />
2018-11-14 19:17 - 2018-10-12 19:57 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll<br />
2018-11-14 19:17 - 2018-10-12 19:56 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll<br />
2018-11-14 19:17 - 2018-10-12 19:51 - 000267776 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincorlib.dll<br />
2018-11-14 19:17 - 2018-10-12 19:47 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll<br />
2018-11-14 19:17 - 2018-10-12 19:42 - 004386816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll<br />
2018-11-14 19:17 - 2018-10-12 19:38 - 001330176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll<br />
2018-11-14 19:17 - 2018-10-12 19:36 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll<br />
2018-11-14 19:17 - 2018-10-12 02:16 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\dispex.dll<br />
2018-11-14 19:17 - 2018-10-12 02:12 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll<br />
2018-11-14 19:17 - 2018-10-12 02:10 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll<br />
2018-11-14 19:17 - 2018-10-12 02:10 - 000235520 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll<br />
2018-11-14 19:17 - 2018-10-12 02:01 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll<br />
2018-11-14 19:17 - 2018-10-12 01:59 - 005779456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll<br />
2018-11-14 19:17 - 2018-10-12 01:59 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll<br />
2018-11-14 19:17 - 2018-10-12 01:58 - 000172032 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe<br />
2018-11-14 19:17 - 2018-10-12 01:58 - 000158720 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe<br />
2018-11-14 19:17 - 2018-10-12 01:35 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll<br />
2018-11-14 19:17 - 2018-10-12 01:30 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll<br />
2018-11-14 19:17 - 2018-10-12 01:27 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll<br />
2018-11-14 19:17 - 2018-10-12 01:27 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe<br />
2018-11-14 19:17 - 2018-10-12 01:25 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll<br />
2018-11-14 19:17 - 2018-10-12 01:19 - 004859904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll<br />
2018-11-14 19:17 - 2018-10-12 01:17 - 000809984 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll<br />
2018-11-14 19:17 - 2018-10-12 01:12 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll<br />
2018-11-14 19:17 - 2018-10-12 01:06 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll<br />
2018-11-14 19:17 - 2018-10-12 00:55 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll<br />
2018-11-14 19:17 - 2018-10-06 18:14 - 001547192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys<br />
2018-11-14 19:17 - 2018-10-06 18:14 - 000388536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys<br />
2018-11-14 19:17 - 2018-10-06 18:04 - 001308976 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll<br />
2018-11-14 19:17 - 2018-10-06 18:03 - 000356288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys<br />
2018-11-14 19:17 - 2018-10-06 16:48 - 004168192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys<br />
2018-11-14 19:17 - 2018-10-06 15:41 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll<br />
2018-11-14 19:17 - 2018-10-06 15:34 - 002175488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll<br />
2018-11-14 19:17 - 2018-10-06 15:32 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll<br />
2018-11-14 19:17 - 2018-09-28 13:38 - 000031232 _____ (Microsoft Corporation) C:\windows\system32\msisip.dll<br />
2018-11-14 19:17 - 2018-09-28 13:34 - 000025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msisip.dll<br />
2018-11-14 19:17 - 2018-09-23 16:47 - 000337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe<br />
2018-11-14 19:17 - 2018-09-23 16:45 - 000468992 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll<br />
2018-11-14 19:17 - 2018-09-23 16:45 - 000248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll<br />
2018-11-14 19:17 - 2018-09-23 16:37 - 000774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll<br />
2018-11-14 19:17 - 2018-09-23 16:24 - 003631616 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll<br />
2018-11-14 19:17 - 2018-09-23 16:23 - 000391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll<br />
2018-11-14 19:17 - 2018-09-23 16:23 - 000272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe<br />
2018-11-14 19:17 - 2018-09-23 16:20 - 002750464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll<br />
2018-11-14 19:17 - 2018-09-23 16:17 - 000699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll<br />
2018-11-14 19:17 - 2018-09-23 16:00 - 000200192 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe<br />
2018-11-14 19:17 - 2018-09-23 16:00 - 000133120 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll<br />
2018-11-14 19:17 - 2018-09-23 15:58 - 000904192 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe<br />
2018-11-14 19:17 - 2018-09-23 15:56 - 002551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll<br />
2018-11-14 19:17 - 2018-09-23 15:53 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe<br />
2018-11-14 19:17 - 2018-09-23 15:51 - 001920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll<br />
2018-11-14 19:17 - 2018-09-23 15:50 - 000709632 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe<br />
2018-11-14 19:17 - 2018-09-12 18:30 - 000137008 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe<br />
2018-11-14 19:17 - 2018-09-11 15:30 - 003718144 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll<br />
2018-11-14 19:17 - 2018-08-26 03:38 - 001200640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll<br />
2018-11-14 19:17 - 2018-08-26 03:38 - 000323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll<br />
2018-11-14 19:17 - 2018-08-26 03:21 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll<br />
2018-11-14 19:17 - 2018-08-26 03:21 - 000200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll<br />
2018-11-14 19:17 - 2018-08-26 01:45 - 000513448 _____ C:\windows\SysWOW64\locale.nls<br />
2018-11-14 19:17 - 2018-08-26 01:45 - 000513448 _____ C:\windows\system32\locale.nls<br />
2018-11-14 19:17 - 2018-08-21 13:39 - 000435200 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll<br />
2018-11-14 19:17 - 2018-08-21 13:35 - 000358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll<br />
2018-11-14 19:17 - 2018-08-19 16:22 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll<br />
2018-11-14 19:17 - 2018-08-19 15:52 - 001436672 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll<br />
2018-11-14 19:17 - 2018-08-19 15:43 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll<br />
<br />
==================== One Month Modified files and folders ========<br />
<br />
(If an entry is included in the fixlist, the file/folder will be moved.)<br />
<br />
2018-12-04 21:06 - 2018-03-14 16:45 - 000000000 ____D C:\Users\Moira\Desktop\FRST-OlderVersion<br />
2018-12-04 21:06 - 2017-05-09 11:27 - 000000000 ____D C:\FRST<br />
2018-12-04 21:02 - 2014-06-28 16:50 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1456974907-2201685202-3690727835-1002<br />
2018-12-04 21:00 - 2014-06-28 16:49 - 000000000 ___DO C:\Users\Moira\SkyDrive<br />
2018-12-04 20:55 - 2013-08-22 14:45 - 000000006 ____H C:\windows\Tasks\SA.DAT<br />
2018-12-04 20:54 - 2013-08-22 13:25 - 000262144 ___SH C:\windows\system32\config\BBI<br />
2018-12-04 20:53 - 2014-03-05 17:32 - 000039424 _____ C:\windows\system32\VfService.trf<br />
2018-12-04 20:52 - 2018-03-22 23:07 - 000000000 ____D C:\AdwCleaner<br />
2018-12-04 20:47 - 2014-06-28 17:18 - 000003762 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E25012D7-3390-47E0-B0A1-D80A2DD8C2A5}<br />
2018-12-04 20:38 - 2014-06-29 19:46 - 000000000 ____D C:\Users\Moira\Documents\Outlook Files<br />
2018-12-04 20:30 - 2016-03-21 17:48 - 000000000 ____D C:\Users\Moira\AppData\Local\92202143-C807-4E07-B38A-BC6C26A6A17B.aplzod<br />
2018-12-03 22:08 - 2014-08-24 21:44 - 000000000 ____D C:\Users\Moira\AppData\Local\CrashDumps<br />
2018-12-03 18:13 - 2017-10-04 11:24 - 000003162 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1456974907-2201685202-3690727835-1002<br />
2018-12-03 18:13 - 2017-10-03 21:10 - 000002347 _____ C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk<br />
2018-12-03 18:03 - 2015-11-13 18:03 - 000000260 _____ C:\windows\Tasks\Epson Printer Software Downloader.job<br />
2018-11-27 21:43 - 2017-09-28 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira<br />
2018-11-27 21:43 - 2014-03-05 16:38 - 000000000 ____D C:\ProgramData\Package Cache<br />
2018-11-26 18:46 - 2018-09-09 13:23 - 000239840 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys<br />
2018-11-25 18:43 - 2017-05-19 11:16 - 000000000 ____D C:\ProgramData\Malwarebytes<br />
2018-11-25 18:43 - 2015-08-23 20:18 - 003386368 ___SH C:\Users\Moira\Desktop\Thumbs.db<br />
2018-11-25 18:43 - 2013-08-22 13:36 - 000000000 ____D C:\windows\Inf<br />
2018-11-25 16:59 - 2017-09-28 19:41 - 000000000 ____D C:\Program Files\CCleaner<br />
2018-11-22 21:54 - 2013-08-22 15:20 - 000000000 ____D C:\windows\CbsTemp<br />
2018-11-21 20:02 - 2018-09-09 13:24 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000469272 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000380464 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000208472 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000201240 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000163208 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000111800 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000087432 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys<br />
2018-11-21 20:00 - 2018-09-09 13:23 - 000046384 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys<br />
2018-11-21 19:59 - 2018-10-29 20:42 - 000042288 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys<br />
2018-11-21 19:59 - 2018-09-09 13:23 - 001028680 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys<br />
2018-11-21 19:58 - 2018-09-09 13:23 - 000346592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys<br />
2018-11-21 19:58 - 2018-09-09 13:23 - 000230344 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys<br />
2018-11-21 19:58 - 2018-09-09 13:23 - 000201768 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys<br />
2018-11-21 19:58 - 2018-09-09 13:23 - 000059496 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys<br />
2018-11-20 15:17 - 2013-08-22 14:44 - 000507968 _____ C:\windows\system32\FNTCACHE.DAT<br />
2018-11-16 21:29 - 2018-10-12 19:32 - 000834960 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe<br />
2018-11-16 21:29 - 2018-10-12 19:32 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl<br />
2018-11-16 19:12 - 2014-06-29 22:08 - 000000000 ____D C:\windows\system32\MRT<br />
2018-11-16 18:50 - 2014-06-29 22:08 - 137810048 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe<br />
2018-11-13 17:39 - 2015-05-02 19:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk<br />
<br />
==================== Bamital &amp; volsnap ======================<br />
<br />
(There is no automatic fix for files that do not pass verification.)<br />
<br />
C:\windows\system32\winlogon.exe =&gt; File is digitally signed<br />
C:\windows\system32\wininit.exe =&gt; File is digitally signed<br />
C:\windows\explorer.exe =&gt; File is digitally signed<br />
C:\windows\SysWOW64\explorer.exe =&gt; File is digitally signed<br />
C:\windows\system32\svchost.exe =&gt; File is digitally signed<br />
C:\windows\SysWOW64\svchost.exe =&gt; File is digitally signed<br />
C:\windows\system32\services.exe =&gt; File is digitally signed<br />
C:\windows\system32\User32.dll =&gt; File is digitally signed<br />
C:\windows\SysWOW64\User32.dll =&gt; File is digitally signed<br />
C:\windows\system32\userinit.exe =&gt; File is digitally signed<br />
C:\windows\SysWOW64\userinit.exe =&gt; File is digitally signed<br />
C:\windows\system32\rpcss.dll =&gt; File is digitally signed<br />
C:\windows\system32\dnsapi.dll =&gt; File is digitally signed<br />
C:\windows\SysWOW64\dnsapi.dll =&gt; File is digitally signed<br />
C:\windows\system32\Drivers\volsnap.sys =&gt; File is digitally signed<br />
<br />
LastRegBack: 2016-01-02 19:15<br />
<br />
==================== End of FRST.txt ============================<br />
<br />
And Addition:<br />
dditional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01<br />
Ran by Moira (04-12-2018 21:09:08)<br />
Running from C:\Users\Moira\Desktop\FRST-OlderVersion<br />
Windows 8.1 (Update) (X64) (2014-06-28 16:43:19)<br />
Boot Mode: Normal<br />
==========================================================<br />
<br />
<br />
==================== Accounts: =============================<br />
<br />
Administrator (S-1-5-21-1456974907-2201685202-3690727835-500 - Administrator - Disabled)<br />
Guest (S-1-5-21-1456974907-2201685202-3690727835-501 - Limited - Disabled)<br />
HomeGroupUser$ (S-1-5-21-1456974907-2201685202-3690727835-1004 - Limited - Enabled)<br />
Moira (S-1-5-21-1456974907-2201685202-3690727835-1002 - Administrator - Enabled) =&gt; C:\Users\Moira<br />
<br />
==================== Security Center ========================<br />
<br />
(If an entry is included in the fixlist, it will be removed.)<br />
<br />
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}<br />
AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}<br />
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}<br />
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}<br />
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}<br />
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}<br />
<br />
==================== Installed Programs ======================<br />
<br />
(Only the adware programs with &quot;Hidden&quot; flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)<br />
<br />
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)<br />
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)<br />
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)<br />
Amazon Music (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)<br />
AMD Catalyst Install Manager (HKLM\...\{4FA5FECF-B537-2B14-1CA8-F6C9A5053281}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)<br />
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)<br />
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)<br />
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)<br />
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)<br />
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)<br />
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)<br />
Avira (HKLM-x32\...\{76fe45e1-e9bc-4194-b7da-2e48aa3d685a}) (Version: 1.2.124.25995 - Avira Operations GmbH &amp; Co. KG)<br />
Avira (HKLM-x32\...\{CD8E6EDB-A5F2-48C0-A5C0-AFAB152F59D6}) (Version: 1.2.124.25995 - Avira Operations GmbH &amp; Co. KG) Hidden<br />
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.43.24 - Avira Operations GmbH &amp; Co. KG)<br />
bNet - Banff and Buchan College Extranet (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\d1a34ed3906cf569) (Version: 1.0.0.458 - Banff and Buchan College)<br />
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)<br />
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)<br />
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)<br />
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version: 3.2 - Acro Software Inc.)<br />
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)<br />
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden<br />
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)<br />
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)<br />
DolbyGUI (HKLM\...\DolbyGUI) (Version: - Conexant Systems)<br />
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo) Hidden<br />
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)<br />
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)<br />
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)<br />
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)<br />
Epson Printer Software Downloader (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}) (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden<br />
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - )<br />
EPSON PX710W Series Printer Uninstall (HKLM\...\EPSON PX710W Series) (Version: - SEIKO EPSON Corporation)<br />
EPSON PX730 Series Printer Uninstall (HKLM\...\EPSON PX730 Series) (Version: - SEIKO EPSON Corporation)<br />
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )<br />
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual (HKLM-x32\...\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW User’s Guide) (Version: - )<br />
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)<br />
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1b - SEIKO EPSON CORPORATION)<br />
Excel Password Recovery Master 4.1 (HKLM-x32\...\Excel Password Recovery Master_is1) (Version: - )<br />
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)<br />
HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)<br />
HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)<br />
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)<br />
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)<br />
iCloud (HKLM\...\{5BD11939-D2C2-4F1B-AAAF-5ECE19A801F7}) (Version: 7.4.0.111 - Apple Inc.)<br />
iTunes (HKLM\...\{20308529-E7D5-4F32-BE0F-1D63B4EB6B87}) (Version: 12.7.4.80 - Apple Inc.)<br />
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)<br />
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden<br />
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)<br />
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)<br />
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden<br />
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)<br />
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)<br />
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)<br />
LUMIX Simple Viewer (HKLM-x32\...\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}) (Version: 0.99.0000 - Panasonic)<br />
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)<br />
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)<br />
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)<br />
Microsoft OneDrive (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)<br />
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)<br />
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)<br />
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)<br />
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)<br />
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)<br />
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)<br />
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)<br />
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)<br />
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)<br />
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)<br />
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)<br />
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)<br />
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)<br />
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)<br />
Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)<br />
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)<br />
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)<br />
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)<br />
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)<br />
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)<br />
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)<br />
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)<br />
Spotify (HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)<br />
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden<br />
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)<br />
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)<br />
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)<br />
<br />
==================== Custom CLSID (Whitelisted): ==========================<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)<br />
<br />
ShellIconOverlayIdentifiers: [00asw] -&gt; {472083B0-C522-11CF-8763-00608CC02F24} =&gt; C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)<br />
ContextMenuHandlers1: [Atheros] -&gt; {B8952421-0E55-400B-94A6-FA858FC0A39F} =&gt; C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-09-25] (Qualcomm®Atheros®)<br />
ContextMenuHandlers1: [avast] -&gt; {472083B0-C522-11CF-8763-00608CC02F24} =&gt; C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)<br />
ContextMenuHandlers1: [DefragglerShellExtension] -&gt; {4380C993-0C43-4E02-9A7A-0D40B6EA7590} =&gt; C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)<br />
ContextMenuHandlers1: [NP8ShellExtension] -&gt; {9C4B85B8-956C-49BF-9BA5-101384E562B2} =&gt; C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-18] (Nitro PDF)<br />
ContextMenuHandlers1: [PhotoStreamsExt] -&gt; {89D984B3-813B-406A-8298-118AFA3A22AE} =&gt; C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-03-18] (Apple Inc.)<br />
ContextMenuHandlers1: [Shell Extension for Malware scanning] -&gt; {45AC2688-0253-4ED8-97DE-B5370FA7D48A} =&gt; C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-10-28] (Avira Operations GmbH &amp; Co. KG)<br />
ContextMenuHandlers3: [00asw] -&gt; {472083B0-C522-11CF-8763-00608CC02F24} =&gt; C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)<br />
ContextMenuHandlers3: [FTShellContext] -&gt; {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} =&gt; C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-09-25] (Qualcomm®Atheros®)<br />
ContextMenuHandlers3: [MBAMShlExt] -&gt; {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =&gt; C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)<br />
ContextMenuHandlers5: [ACE] -&gt; {5E2121EE-0300-11D4-8D3B-444553540000} =&gt; C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-10-14] (Advanced Micro Devices, Inc.)<br />
ContextMenuHandlers6: [avast] -&gt; {472083B0-C522-11CF-8763-00608CC02F24} =&gt; C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)<br />
ContextMenuHandlers6: [DefragglerShellExtension] -&gt; {4380C993-0C43-4E02-9A7A-0D40B6EA7590} =&gt; C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)<br />
ContextMenuHandlers6: [MBAMShlExt] -&gt; {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =&gt; C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)<br />
ContextMenuHandlers6: [Shell Extension for Malware scanning] -&gt; {45AC2688-0253-4ED8-97DE-B5370FA7D48A} =&gt; C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-10-28] (Avira Operations GmbH &amp; Co. KG)<br />
<br />
==================== Scheduled Tasks (Whitelisted) =============<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)<br />
<br />
Task: {04DC1984-84CC-42E1-8119-86D01CC400FA} - System32\Tasks\Avast Software\Overseer =&gt; C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-10] (AVAST Software)<br />
Task: {25E0D406-13E4-4511-8D30-4F1B7C7F70AD} - System32\Tasks\Adobe Acrobat Update Task =&gt; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)<br />
Task: {2897DC6D-7984-43A3-890B-12B6A001C687} - System32\Tasks\PDVDServ Task =&gt; C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)<br />
Task: {32A7CA83-9E78-4AAA-BCD4-AA994DA34322} - System32\Tasks\HPCustParticipation HP ENVY 5640 series =&gt; C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)<br />
Task: {6B191D77-C7DC-433B-AFAC-D4AA887EDB44} - System32\Tasks\Apple\AppleSoftwareUpdate =&gt; C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)<br />
Task: {722F3F33-EA9C-416B-B13C-28D36698E392} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 =&gt; C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)<br />
Task: {78B850AD-18AC-458D-B8EA-BA3C31463242} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications =&gt; C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)<br />
Task: {7DB51543-5CFD-48F1-8A8B-01D780A3C29D} - System32\Tasks\CCleaner Update =&gt; C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)<br />
Task: {9329110C-8C3B-4849-B2C9-35DF35D909FD} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory =&gt; C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost &quot;LSC Memory&quot; &quot;$(Arg0)&quot;<br />
Task: {A6EFE9C2-6CDC-4732-9660-A47B89504875} - System32\Tasks\Avira_Antivirus_Systray =&gt; C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-11-12] (Avira Operations GmbH &amp; Co. KG)<br />
Task: {B82DAB28-E023-432F-907A-0C2F26D4936D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan =&gt; C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)<br />
Task: {BDE7BF74-2BBB-4D33-90D0-C046FC5BC787} - System32\Tasks\CCleanerSkipUAC =&gt; C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Ltd)<br />
Task: {C74A2790-EFF7-47C3-B275-52F8B6EF126E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program =&gt; C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe<br />
Task: {DB9C8BBD-CD10-4715-8BEE-BDA4D13FE972} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher =&gt; C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)<br />
Task: {E34146E1-F57C-49F2-BD53-C23CFEB334D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB =&gt; C:\windows\system32\MRT.exe [2018-11-16] (Microsoft Corporation)<br />
Task: {E84DBC2A-5CD0-45B8-8DE0-45CDE329A240} - System32\Tasks\Epson Printer Software Downloader =&gt; C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)<br />
Task: {F348FAAF-CD8B-457E-926D-BAAFB1AC9B70} - System32\Tasks\Avast Emergency Update =&gt; C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-21] (AVAST Software)<br />
Task: {FB56A106-3042-4A41-B126-AD56EC20AD46} - System32\Tasks\Maxthon Update =&gt; C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-05-08] (Maxthon International ltd.)<br />
Task: {FBA26617-EF82-4EF8-9B7A-27F965CF7D80} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone =&gt; C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)<br />
<br />
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)<br />
<br />
Task: C:\windows\Tasks\Epson Printer Software Downloader.job =&gt; C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE<br />
<br />
==================== Shortcuts &amp; WMI ========================<br />
<br />
(The entries could be listed to be restored or removed.)<br />
<br />
<br />
==================== Loaded Modules (Whitelisted) ==============<br />
<br />
2017-07-15 15:28 - 2017-05-26 05:47 - 000090096 _____ () C:\windows\System32\cpwmon64_v32.dll<br />
2013-10-14 13:52 - 2013-10-14 13:52 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll<br />
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll<br />
2018-03-16 14:19 - 2018-03-16 14:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll<br />
2014-03-05 17:19 - 2012-04-24 10:43 - 000390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe<br />
2014-03-05 17:32 - 2014-03-05 17:32 - 000068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe<br />
2014-03-05 17:32 - 2014-03-05 17:32 - 000669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll<br />
2018-11-25 18:44 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll<br />
2018-10-17 19:53 - 2018-10-17 19:53 - 004310312 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF<br />
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll<br />
2013-09-25 11:04 - 2013-09-25 11:04 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll<br />
2013-09-25 11:01 - 2013-09-25 11:01 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll<br />
2013-09-25 11:08 - 2013-09-25 11:08 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe<br />
2018-11-21 19:59 - 2018-11-21 19:59 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll<br />
2018-11-21 19:59 - 2018-11-21 19:59 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll<br />
2018-12-04 20:29 - 2018-12-04 20:29 - 005787280 _____ () C:\Program Files\AVAST Software\Avast\defs\18120404\algo.dll<br />
2018-11-21 19:59 - 2018-11-21 19:59 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll<br />
2018-11-21 19:58 - 2018-11-21 19:58 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll<br />
2018-11-21 19:59 - 2018-11-21 19:59 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll<br />
2018-08-11 21:16 - 2018-11-12 17:27 - 001205792 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll<br />
2018-08-11 21:16 - 2018-11-12 17:27 - 000244672 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll<br />
2018-09-09 13:26 - 2018-09-09 13:26 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll<br />
2018-03-16 14:20 - 2018-03-16 14:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll<br />
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll<br />
<br />
==================== Alternate Data Streams (Whitelisted) =========<br />
<br />
(If an entry is included in the fixlist, only the ADS will be removed.)<br />
<br />
<br />
==================== Safe Mode (Whitelisted) ===================<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry. The &quot;AlternateShell&quot; will be restored.)<br />
<br />
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService =&gt; &quot;&quot;=&quot;Service&quot;<br />
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService =&gt; &quot;&quot;=&quot;Service&quot;<br />
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe =&gt; &quot;&quot;=&quot;&quot;<br />
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn =&gt; &quot;&quot;=&quot;&quot;<br />
<br />
==================== Association (Whitelisted) ===============<br />
<br />
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)<br />
<br />
<br />
==================== Internet Explorer trusted/restricted ===============<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry.)<br />
<br />
IE trusted site: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\sharepoint.com -&gt; hxxps://nescol.sharepoint.com<br />
<br />
==================== Hosts content: ===============================<br />
<br />
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)<br />
<br />
2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts<br />
<br />
<br />
==================== Other Areas ============================<br />
<br />
(Currently there is no automatic fix for this section.)<br />
<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Control Panel\Desktop\\Wallpaper -&gt; C:\Users\Moira\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg<br />
DNS Servers: 192.168.1.254<br />
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =&gt; (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)<br />
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer =&gt; (SmartScreenEnabled: RequireAdmin)<br />
Windows Firewall is enabled.<br />
<br />
==================== MSCONFIG/TASK MANAGER disabled items ==<br />
<br />
HKLM\...\StartupApproved\StartupFolder: =&gt; &quot;Adobe Gamma Loader.lnk&quot;<br />
HKLM\...\StartupApproved\StartupFolder: =&gt; &quot;LUMIX Simple Viewer.lnk&quot;<br />
HKLM\...\StartupApproved\Run: =&gt; &quot;EnergyUtility&quot;<br />
HKLM\...\StartupApproved\Run: =&gt; &quot;Energy Management&quot;<br />
HKLM\...\StartupApproved\Run: =&gt; &quot;iTunesHelper&quot;<br />
HKLM\...\StartupApproved\Run: =&gt; &quot;StartCCC&quot;<br />
HKLM\...\StartupApproved\Run32: =&gt; &quot;BCSSync&quot;<br />
HKLM\...\StartupApproved\Run32: =&gt; &quot;UpdateP2GShortCut&quot;<br />
HKLM\...\StartupApproved\Run32: =&gt; &quot;EEventManager&quot;<br />
HKLM\...\StartupApproved\Run32: =&gt; &quot;ETDCtrl&quot;<br />
HKLM\...\StartupApproved\Run32: =&gt; &quot;RtsFT&quot;<br />
HKLM\...\StartupApproved\Run32: =&gt; &quot;SmartAudio&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;Amazon Music&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;Skype&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;AppleIEDAV&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;EPSON PX710W Series (Copy 1)&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;iCloudDrive&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;iCloudPhotos&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;iCloudServices&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;Spotify&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;Spotify Web Helper&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;HP ENVY 5640 series (NET)&quot;<br />
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\StartupApproved\Run: =&gt; &quot;CCleaner Monitoring&quot;<br />
<br />
==================== FirewallRules (Whitelisted) ===============<br />
<br />
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)<br />
<br />
FirewallRules: [{9CD6BAC9-5E1E-460B-B19A-CA4CFF33702B}] =&gt; (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe<br />
FirewallRules: [{EC8765D4-ACE4-431C-9852-6E559B935DE6}] =&gt; (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe<br />
FirewallRules: [{EDA51181-D86A-4F10-BA14-A726DC599084}] =&gt; (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe<br />
FirewallRules: [{15EE89AF-2C6B-42EF-8CF1-76578C7F961F}] =&gt; (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe<br />
FirewallRules: [{BFAD8286-DC36-4929-9791-C2715B8CFD25}] =&gt; (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE<br />
FirewallRules: [{4568EABD-98B7-4FE2-ACF9-77E647592867}] =&gt; (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe<br />
FirewallRules: [{065085B3-1A95-49E9-8458-5A1BD328D8F5}] =&gt; (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE<br />
FirewallRules: [{230B4B75-684E-4FCC-B743-0B66D78F94B4}] =&gt; (Allow) C:\Program Files\Bonjour\mDNSResponder.exe<br />
FirewallRules: [{8BC27C51-50E4-406D-A0F3-E0FE1F70F980}] =&gt; (Allow) C:\Program Files\Bonjour\mDNSResponder.exe<br />
FirewallRules: [{0EC27087-7BE9-4A88-9ECB-17A96DFB7978}] =&gt; (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe<br />
FirewallRules: [{1A0BB9C5-FB0B-4CC5-8896-BD9B1C9FB4FC}] =&gt; (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe<br />
FirewallRules: [{8215A7C1-0A5E-411E-AFBB-3A83A5B48CB6}] =&gt; (Allow) C:\Program Files\Bonjour\mDNSResponder.exe<br />
FirewallRules: [{4B5BBB51-05DC-4190-AE98-371092C13688}] =&gt; (Allow) C:\Program Files\Bonjour\mDNSResponder.exe<br />
FirewallRules: [{964F42EC-0121-4A1A-98A2-F0C28D2E8733}] =&gt; (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe<br />
FirewallRules: [{6B88EFFF-BFD8-47F5-9BC6-664EC9D54A2D}] =&gt; (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe<br />
FirewallRules: [TCP Query User{9969C47B-7257-4B4D-B1CD-29ABC07D492B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] =&gt; (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe<br />
FirewallRules: [UDP Query User{E2CF0262-BE1B-44EE-A170-A37AB128FD50}C:\program files (x86)\epson software\event manager\eeventmanager.exe] =&gt; (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe<br />
FirewallRules: [TCP Query User{96267429-D23E-4A8E-AD9E-942726261781}C:\users\moira\appdata\roaming\spotify\spotify.exe] =&gt; (Allow) C:\users\moira\appdata\roaming\spotify\spotify.exe<br />
FirewallRules: [UDP Query User{F6902ED5-5A8D-45FC-A6C5-BC7A296955FF}C:\users\moira\appdata\roaming\spotify\spotify.exe] =&gt; (Allow) C:\users\moira\appdata\roaming\spotify\spotify.exe<br />
FirewallRules: [TCP Query User{7834204C-6804-4EEC-A6A0-02EA959EA327}C:\program files (x86)\epson software\event manager\eeventmanager.exe] =&gt; (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe<br />
FirewallRules: [UDP Query User{49CF17C4-80B8-4892-B8A0-7CD1C8AE3823}C:\program files (x86)\epson software\event manager\eeventmanager.exe] =&gt; (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe<br />
FirewallRules: [{4F2E4073-FE6C-48FA-89FD-C5156B3442CD}] =&gt; (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe<br />
FirewallRules: [{7AB8F443-7321-464C-9F91-4C12FD375BD6}] =&gt; (Allow) C:\Users\Moira\AppData\Local\Temp\7zS05FC\HPDiagnosticCoreUI.exe<br />
FirewallRules: [{7A38A781-565D-4CA4-95E8-D9E8CF3F7414}] =&gt; (Allow) C:\Users\Moira\AppData\Local\Temp\7zS05FC\HPDiagnosticCoreUI.exe<br />
FirewallRules: [{7FCF7ED6-082A-41F9-B6A8-BD9C3C126E67}] =&gt; (Allow) C:\Users\Moira\AppData\Local\Temp\7zS072B\HPDiagnosticCoreUI.exe<br />
FirewallRules: [{44CE1DFC-6AAC-41A4-A772-6C6531813FE1}] =&gt; (Allow) C:\Users\Moira\AppData\Local\Temp\7zS072B\HPDiagnosticCoreUI.exe<br />
FirewallRules: [{27EEF086-E218-40F9-ABB1-AEF34366E915}] =&gt; (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\DeviceSetup.exe<br />
FirewallRules: [{B3BBD611-3DD5-4CD6-8E17-4D6DE7ABE7AF}] =&gt; (Allow) LPort=5357<br />
FirewallRules: [{7F50AAC8-63BE-481A-A717-3576AECC9209}] =&gt; (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe<br />
FirewallRules: [{0A39B176-A549-4882-9B36-B8B928A6E944}] =&gt; (Allow) C:\Program Files\iTunes\iTunes.exe<br />
FirewallRules: [{372380F9-57D8-40A3-80B2-33E0C04923BC}] =&gt; (Allow) C:\Program Files\CCleaner\CCUpdate.exe<br />
FirewallRules: [{35E65B6C-3191-4B0F-9283-385E9E17BFCF}] =&gt; (Allow) C:\Program Files\CCleaner\CCUpdate.exe<br />
FirewallRules: [{B1CE03DB-645F-4D55-B475-870C67B92886}] =&gt; (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe<br />
FirewallRules: [{FD5B9F97-8CF4-44A2-A5D4-C57927D6E5AB}] =&gt; (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe<br />
<br />
==================== Restore Points =========================<br />
<br />
11-10-2018 21:09:39 Windows Update<br />
16-11-2018 18:42:49 Windows Update<br />
19-11-2018 19:25:04 Windows Update<br />
22-11-2018 21:53:04 Windows Update<br />
<br />
==================== Faulty Device Manager Devices =============<br />
<br />
<br />
==================== Event log errors: =========================<br />
<br />
Application errors:<br />
==================<br />
Error: (12/03/2018 10:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )<br />
Description: Task Scheduling Error: m-&gt;NextScheduledSPRetry 14765<br />
<br />
Error: (12/03/2018 10:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )<br />
Description: Task Scheduling Error: m-&gt;NextScheduledEvent 14765<br />
<br />
Error: (12/03/2018 10:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )<br />
Description: Task Scheduling Error: Continuously busy for more than a second<br />
<br />
Error: (12/03/2018 10:08:08 PM) (Source: Application Error) (EventID: 1000) (User: )<br />
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91<br />
Faulting module name: atidxx32.dll, version: 8.17.10.519, time stamp: 0x525bc8c0<br />
Exception code: 0xc0000005<br />
Fault offset: 0x00072e57<br />
Faulting process id: 0x58f8<br />
Faulting application start time: 0x01d48b4ceb656e81<br />
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE<br />
Faulting module path: C:\windows\SYSTEM32\atidxx32.dll<br />
Report Id: ea309f6c-f747-11e8-831a-28e3478c9d9e<br />
Faulting package full name: <br />
Faulting package-relative application ID:<br />
<br />
Error: (12/03/2018 08:03:54 PM) (Source: Application Hang) (EventID: 1002) (User: )<br />
Description: The program iexplore.exe version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.<br />
<br />
Process ID: 4194<br />
<br />
Start Time: 01d48b3e6575a40b<br />
<br />
Termination Time: 28<br />
<br />
Application Path: C:\Program Files\Internet Explorer\iexplore.exe<br />
<br />
Report Id: 8c2c9a0e-f736-11e8-831a-28e3478c9d9e<br />
<br />
Faulting package full name: <br />
<br />
Faulting package-relative application ID:<br />
<br />
Error: (12/03/2018 06:01:47 PM) (Source: Application Hang) (EventID: 1002) (User: )<br />
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.<br />
<br />
Process ID: 5bcc<br />
<br />
Start Time: 01d48b3173d8debe<br />
<br />
Termination Time: 4294967295<br />
<br />
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe<br />
<br />
Report Id: 689d517f-f725-11e8-831a-28e3478c9d9e<br />
<br />
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe<br />
<br />
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1<br />
<br />
Error: (12/02/2018 10:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )<br />
Description: Task Scheduling Error: m-&gt;NextScheduledSPRetry 14969<br />
<br />
Error: (12/02/2018 10:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )<br />
Description: Task Scheduling Error: m-&gt;NextScheduledEvent 14969<br />
<br />
<br />
System errors:<br />
=============<br />
Error: (12/04/2018 08:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )<br />
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: <br />
The service has not been started.<br />
<br />
Error: (12/04/2018 08:54:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )<br />
Description: The Superfetch service terminated with the following error: <br />
The service has not been started.<br />
<br />
Error: (12/04/2018 08:53:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )<br />
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.<br />
<br />
Error: (12/04/2018 08:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )<br />
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.<br />
<br />
Error: (12/04/2018 08:53:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )<br />
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.<br />
<br />
Error: (12/04/2018 08:53:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )<br />
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).<br />
<br />
Error: (12/04/2018 08:53:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )<br />
Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).<br />
<br />
Error: (12/04/2018 08:53:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )<br />
Description: The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly. It has done this 1 time(s).<br />
<br />
<br />
Windows Defender:<br />
===================================<br />
Date: 2014-08-03 22:22:02.798<br />
Description: <br />
Windows Defender scan has been stopped before completion.<br />
Scan ID: {6BABCFF0-6D83-4FF0-A6AE-084FE887C323}<br />
Scan Type: Antimalware<br />
Scan Parameters: Quick Scan<br />
<br />
Date: 2017-09-28 19:58:37.431<br />
Description: <br />
Windows Defender Real-Time Protection feature has encountered an error and failed.<br />
Feature: On Access<br />
Error Code: 0x8007043c<br />
Error description: This service cannot be started in Safe Mode <br />
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.<br />
<br />
Date: 2017-09-13 12:33:05.020<br />
Description: <br />
Windows Defender has encountered an error trying to update signatures.<br />
New Signature Version: <br />
Previous Signature Version: 1.251.876.0<br />
Update Source: Microsoft Update Server<br />
Signature Type: AntiVirus<br />
Update Type: Full<br />
Current Engine Version: <br />
Previous Engine Version: 1.1.14104.0<br />
Error code: 0x80240017<br />
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. <br />
<br />
Date: 2017-08-09 08:07:36.937<br />
Description: <br />
Windows Defender has encountered an error trying to update signatures.<br />
New Signature Version: <br />
Previous Signature Version: 1.249.787.0<br />
Update Source: Microsoft Malware Protection Center<br />
Signature Type: AntiSpyware<br />
Update Type: Full<br />
Current Engine Version: <br />
Previous Engine Version: 1.1.14003.0<br />
Error code: 0x80070652<br />
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. <br />
<br />
Date: 2017-08-09 08:07:36.937<br />
Description: <br />
Windows Defender has encountered an error trying to update signatures.<br />
New Signature Version: <br />
Previous Signature Version: 1.249.787.0<br />
Update Source: Microsoft Malware Protection Center<br />
Signature Type: AntiVirus<br />
Update Type: Full<br />
Current Engine Version: <br />
Previous Engine Version: 1.1.14003.0<br />
Error code: 0x80070652<br />
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. <br />
<br />
Date: 2017-08-09 08:07:36.718<br />
Description: <br />
Windows Defender has encountered an error trying to update signatures.<br />
New Signature Version: <br />
Previous Signature Version: <br />
Update Source: User<br />
Signature Type: <br />
Update Type: <br />
Current Engine Version: <br />
Previous Engine Version: <br />
Error code: 0x80070652<br />
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. <br />
<br />
CodeIntegrity:<br />
===================================<br />
<br />
Date: 2017-09-23 22:50:15.401<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
Date: 2017-09-23 22:50:13.604<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
Date: 2017-09-23 22:50:11.820<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
Date: 2017-09-23 22:50:10.029<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
Date: 2017-09-21 16:21:21.543<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
Date: 2017-09-21 16:21:19.607<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
Date: 2017-09-20 16:25:58.825<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
Date: 2017-09-20 16:25:57.029<br />
Description: <br />
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.<br />
<br />
==================== Memory info =========================== <br />
<br />
Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics <br />
Percentage of memory in use: 28%<br />
Total physical RAM: 7375.26 MB<br />
Available physical RAM: 5239.86 MB<br />
Total Virtual: 23375.26 MB<br />
Available Virtual: 21294.49 MB<br />
<br />
==================== Drives ================================<br />
<br />
Drive c: (Windows8_OS) (Fixed) (Total:892.1 GB) (Free:716.26 GB) NTFS ==&gt;[system with boot components (obtained from drive)]<br />
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.05 GB) NTFS<br />
<br />
\\?\Volume{57b78abf-800a-45aa-8fb7-91c689685e05}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.63 GB) NTFS<br />
\\?\Volume{0dbf722b-977e-40aa-b7b8-98dae241279d}\ (PBR_DRV) (Fixed) (Total:12.08 GB) (Free:3.82 GB) NTFS<br />
<br />
==================== MBR &amp; Partition Table ==================<br />
<br />
========================================================<br />
Disk: 0 (Size: 931.5 GB) (Disk ID: C575724C)<br />
<br />
Partition: GPT.<br />
<br />
==================== End of Addition.txt ============================
</div>
<!-- / message -->




<div class="vbseo_buttons" id="lkbtn_1.1233576.7717640">

<div class="alt2 vbseo_liked" style="display:none"></div>


</div>











</td>
</tr>
<tr>
<td class="userarea" width="150">
<img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/statusicon_2/user_offline.gif" alt="Lassie is offline" border="0" />






&nbsp;
</td>

<td class="alt1" align="right" style="border: 0px solid #ffffff; border-left: 0px; border-top: 0px">

<!-- controls -->



<a href="https://www.techsupportforum.com/forums/newreply.php?do=newreply&amp;p=7717640" rel="nofollow"><img src="https://www.techsupportforum.com/forums/images/sk/buttons_v5/quote.gif" alt="Reply With Quote" border="0" /></a>










<!-- / controls -->
</td>
</tr>
</table>


<!-- post 7717640 popup menu -->

<!-- / post 7717640 popup menu -->
<!--System Specs-->

<!--/System Specs--><!-- AMS BELOW 3 POST --><div id="9999999" class="vs_dfp_standard_postbit_container" style="padding:0px 0px 8px 0px; ">
<table class="tborder vs_dfp_standard_postbit_ad" cellpadding="8" cellspacing="0" border="0" width="100%" align="center">

<tr>
<td class="thead" style="line-height:1.4em;" colspan="2">
<div>
<span style="float:right;font-weight:normal"><a href="https://www.techsupportforum.com/forums/register.php">Remove Advertisements</a></span>
</div>
Sponsored Links
</td>
</tr>
<tr valign="top">
<td class="alt2" width="175px">
<div><a class="bigusername" href="https://www.techsupportforum.com/forums">TechSupportForum.com</a></div>

<div class="smallfont">Advertisement</div><div>&nbsp;<br /></div>
</td><td class="alt1" >
<table cellpadding="2" cellspacing="2" border="0" width="100%" align="left">
<tr>
<td align="left"><div id="TechSupportForum_com_1x1_SharethroughPostbit_TECH_Forum" style="width:auto; height:auto;">
<script type="text/javascript">
googletag.cmd.push(function() { googletag.display("TechSupportForum_com_1x1_SharethroughPostbit_TECH_Forum"); });
</script>
</div></td>
<td></td>
</tr>
</table>
</td>
</tr>
</table></div>


</div>


<!-- / post #7717640 -->

<!-- post #7717670 -->


<div id="edit7717670" style="padding:0px 0px 8px 0px">
<!-- this is not the last post shown on the page -->



<table id="post7717670" class="tborder vbseo_like_postbit" style="border:1px solid #adadad;" cellpadding="8" cellspacing="0" border="0" width="100%" align="center">
<tr>

<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-right: 0px" >
<!-- status icon and date -->
<a name="post7717670"><img class="inlineimg" src="https://www.techsupportforum.com/forums/images/sk/statusicon_2/post_old.gif" alt="Old" border="0" /></a>
12-05-2018, 04:43 AM

<!-- / status icon and date -->
</td>
<td class="thead" style="font-weight:normal; border: 0px solid #ffffff; border-left: 0px" align="right">
&nbsp;
#<a href="https://www.techsupportforum.com/forums/f50/ie-on-severe-go-slow-1233576.html#post7717670" id="postcount7717670" name="4" title="permalink"><strong>4</strong></a>

</td>

</tr>
<tr valign="top">
<td class="userarea" width="150">

<div id="postmenu_7717670">

<a rel="nofollow" class="bigusername" href="https://www.techsupportforum.com/forums/members/chemist-190057.html"><font color=red><b>chemist</font></b></a>


</div>

<div class="smallfont">Security Team <br>Moderator, Analyst <br>Rangemaster, TSF Academy</div>




<div class="smallfont">
&nbsp;<br /><a rel="nofollow" href="https://www.techsupportforum.com/forums/members/chemist-190057.html"><img src="/attachments/customavatars/avatar190057_1.gif" width="75" height="71" alt="chemist's Avatar" border="0" /></a>
</div>




<img src="/forums/clear.gif" width="10" height="6"><br />
<img src="/forums/images/sk/misc/ms_mvp.png" alt="Microsoft Most Valuable Professional" />


<div class="smallfont">
&nbsp;<br />
<div>Join Date: Oct 2007</div>
<div>Location: Georgia</div>

<div>
Posts: 29,718
</div>
<div>
<b>OS</b>: XP/Win7/Win10
</div>
<!--System Specs-->
<br />

<br />
<!--/System Specs-->





<div> </div>
</div>

</td>

<td class="alt1" id="td_post_7717670" style="border-right: 0px solid #ffffff">



<!-- icon and title -->
<div class="smallfont">


</div>
<hr size="1" style="color:#ffffff; background-color:#ffffff" />
<!-- / icon and title -->


<!-- message -->
<div id="post_message_7717670">

Hello Lassie. Not seeing anything malicious in your logs so far. <br />
<br />
------------------------------------------------------<br />
Lassie is offline  
Old 12-11-2018, 06:52 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Lassie. I have no idea what that was. I think you hit some weird button but I could be wrong. I'm not a programmer. However, I don't think anything bad happened, and you should be good to go. Let me know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-12-2018, 11:53 AM   #14
Registered Member
 
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1



Hi Chemist

Yes, all seems to be back to normal again. Thanks once again for all your help:)
Lassie is offline  
Old 12-12-2018, 06:18 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Lassie! Glad to have helped.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mysterious slow downloads
I've had this problem for a few months now. Some, but not all, of my downloads are intolerably slow. It's not a general internet speed issue; speed tests clock in at the expected rate (1.5-2 MB/s), and surfing webpages feels normal. The downloads in question are through websites like Keep2share,...
MedFive File and Application Sharing 1 03-01-2015 02:51 PM
My system running slow
:dance: Hi There!! I shall be very thankful if anybody guide/help me to resolve my computer's slow running issue. My system configuration is as follows: Windows edition: Windows 7 professional - Service pack 1 System:
Binyamin911 Windows 7 , Windows Vista Support 2 07-25-2014 02:23 PM
Win7: Suddenly SLOW, but normal mem usage
(Typing from Safe Mode) My machine: Asus G73Jh laptop Windows 7 64-bit Home Premium SP1 ATI Mobility Radeon™ HD 5800 Intel Core i7 Q720 1.60GHz 8 GB RAM 1TB hard drive, pre-partitioned into 3 segments, 2 of those with about 30% free and one nearly full (not the one with the Windows, etc....
bjj8383 Windows 7 , Windows Vista Support 2 03-29-2011 05:34 AM
Is your PC running slow...?
Version control – v2.0 – dated November 2010 Version control - v2.1 - dated April 2012 - updated SysInternals link Version control – v2.2 – dated March 2014 - general updates, links and additions for Windows 8 Introduction This article is intended to provide you with some hints and tips...
Glaswegian General Computer Security 0 11-29-2010 01:15 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 07:44 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts