slow internet - Malwarebytes says clean

[autoeng12]

My internet has slowed considerably but when I run Malwarebytes is comes back clean. Here is the latest log. I appreciate any help / direction anyone can offer.mbam-log-2015-09-02 (20-51-55).xml

[TwinHeadedEagle]

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

• We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
• Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
• Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

---

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[autoeng12]

Here are the files

Addition_08-09-2015_07-15-21.txt

FRST_08-09-2015_07-15-21.txt

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

---

Check Disk

• Press the + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:

• chkdsk C: /r

• You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
• All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

• Press the + R on your keyboard at the same time. Type eventvwr and click OK.
• In the left panel, expand Windows Logs and then click on Application.
• Now, on the right side, click on Filter Current Log.
• Under Event Sources, check only Wininit and click OK.
• Now you'll be presented with one or multiple Wininit logs.
• Click on an entry corresponding to the date and time of the disk check.
• On the top main menu, click Action > Copy > Copy Details as Text.
• Paste the contents into your next reply.

[autoeng12]

Here is the report. I cannot run chkdsk as I get the error message that I do not have sufficient privileges and must run in elevated mode.

Zoek.exe v5.0.0.0 Updated 08-September-2015
Tool run by Kelly on Wed 09/09/2015 at 20:41:55.59.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kelly\Desktop\zoek.exe [scan all users] [script inserted]

 

==== System Restore Info ======================

 

9/9/2015 8:46:46 PM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\ERUNT deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Rovi deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\Vivitar deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Kelly\AppData\Local\KodakGallery deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2303037246-652555962-3126454297-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CEB3066-9D5D-42B8-B4C0-0A791297F419} deleted successfully
HKEY_USERS\S-1-5-21-2303037246-652555962-3126454297-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-2303037246-652555962-3126454297-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

==== Deleting Services ======================

 

==== Batch Command(s) Run By Tool======================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.
C:\WINDOWS\system32\appdata deleted

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\ERUNT not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\WINDOWS\syswow64\appdata deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\Users\Kelly\AppData\Local\MyWinLockerInstaller.txt-20141212.log deleted
C:\Users\Kelly\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9} deleted
C:\Users\Kelly\AppData\Local\{62FE1C67-1742-45D6-82F7-AEEABC53D1A6} deleted
C:\Users\Kelly\AppData\Local\{93156864-4CC9-430E-95D3-E728C9E82443} deleted
C:\Users\Kelly\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA} deleted
C:\Users\Kelly\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Kelly\AppData\LocalLow\{9E7CC171-2F59-4E9F-9D90-1E960B37F05E} deleted
C:\Users\Kelly\AppData\LocalLow\Yahoo! deleted
"C:\Users\Kelly\AppData\Roaming\????" not deleted
"C:\Users\Kelly\AppData\Roaming\Acer\Acer Assist\communicator.dat" deleted
"C:\Users\Kelly\AppData\Roaming\Acer" deleted
"C:\windows\SysNative\tasks\Acer" deleted
"C:\WINDOWS\SysNative\tasks\Acer" deleted
"C:\Users\Kelly\AppData\Roaming\Nolywa" deleted
"C:\Users\Kelly\AppData\Roaming\Skinux" deleted
"C:\Users\Kelly\AppData\Roaming\Acer\Acer Assist" deleted
"C:\windows\SysNative\tasks\Acer\Acer Assist" deleted
"C:\WINDOWS\SysNative\tasks\Acer\Acer Assist" deleted

 

==== Firefox Extensions ======================

 

==== Firefox Plugins ======================

 

==== Chromium Look ======================

 

Google Chrome Version: 45.0.2454.85

 

AdBlock - Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

 

==== Chromium Fix ======================

 

C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.petfinder.com_0.localstorage deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.petfinder.com_0.localstorage-journal deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_content.ibanking-services.com_0.localstorage deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_content.ibanking-services.com_0.localstorage-journal deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services1.capitalone.com_0.localstorage deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services1.capitalone.com_0.localstorage-journal deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services2.capitalone.com_0.localstorage deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services2.capitalone.com_0.localstorage-journal deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully
C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

 

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en"

 

==== shortcuts on Users Desktops ======================

 

C:\Users\Kelly\Desktop\Google Drive.lnk - C:\Users\Kelly\Google Drive
C:\Users\Kelly\Desktop\Kindle.lnk - C:\Users\Kelly\AppData\Local\Amazon\Kindle\application\Kindle.exe
C:\Users\Kelly\Desktop\ShadowExplorer.lnk - C:\Program Files (x86)\ShadowExplorer\ShadowExplorer.exe
C:\Users\Kelly\Desktop\Tor Browser\Start Tor Browser.lnk - C:\Users\Kelly\Desktop\Tor Browser\Browser\firefox.exe

 

==== shortcuts on All Users Desktop ======================

 

C:\Users\Public\Desktop\1D Cutting Optimizer.lnk - C:\Program Files (x86)\1D-Solutions\1DNest.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\Users\Public\Desktop\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Public\Desktop\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk - C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Microsoft Works.lnk - C:\Program Files (x86)\Microsoft Works\MSWorks.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2540 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk - C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper_Platinum\WinX_DVD_Ripper_Platinum.exe

 

==== shortcuts in Users Start Menu ======================

 

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -  page=SettingsPageAppsDefaults
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -  page=SettingsPagePCSystemDevices
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -  page=SettingsPageAppsDefaults
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -  page=SettingsPagePCSystemDevices
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - 
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - 
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -  page=SettingsPageAppsDefaults
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -  page=SettingsPagePCSystemDevices
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - 
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - 
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - 
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Uninstall Kindle.lnk - C:\Users\Kelly\AppData\Local\Amazon\Kindle\application\uninstall.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Catalyst\Uninstall.lnk - C:\Program Files (x86)\DVD Catalyst\uninst.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -  page=SettingsPageAppsDefaults
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -  page=SettingsPagePCSystemDevices
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe

 

==== shortcuts in All Users Start Menu ======================

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk - C:\WINDOWS\DevicesFlow\DevicesFlow.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk - C:\WINDOWS\System32\Control.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk - C:\Program Files (x86)\Microsoft Works\MSWorks.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk - C:\WINDOWS\MiracastView\MiracastView.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk - C:\WINDOWS\PrintDialog\PrintDialog.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk - C:\WINDOWS\Speech\Common\sapisvr.exe -SpeechUX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk - C:\WINDOWS\system32\mspaint.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\WINDOWS\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk - C:\WINDOWS\system32\psr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk - C:\WINDOWS\system32\xpsrchvw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk - C:\WINDOWS\system32\charmap.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk - C:\WINDOWS\system32\comexp.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk - C:\WINDOWS\system32\compmgmt.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk - C:\WINDOWS\system32\dfrgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk - C:\WINDOWS\system32\cleanmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk - C:\WINDOWS\system32\eventvwr.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk - C:\WINDOWS\system32\iscsicpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk - C:\WINDOWS\syswow64\odbcad32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk - C:\WINDOWS\system32\odbcad32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk - C:\WINDOWS\system32\perfmon.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk - C:\WINDOWS\system32\perfmon.exe /res
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk - C:\WINDOWS\system32\services.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk - C:\WINDOWS\system32\msinfo32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk - C:\WINDOWS\system32\taskschd.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk - C:\WINDOWS\system32\WF.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk - C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk - C:\Program Files (x86)\Microsoft Works\MSWorks.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Works without Ads.lnk - C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WkBoLink.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk - C:\WINDOWS\system32\control.exe /name Microsoft.DefaultPrograms
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe /7

 

==== shortcuts in Quick Launch ======================

 

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - acer.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src quicklaunch /dp acernb
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Netflix.lnk - C:\ProgramData\OEM_E471269A730D\Netflix\StartUrl.exe http://homepage.acer.com/redirect.aspx?rid=09000001
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Word 2013.lnk - C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - 
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

 

==== shortcuts After Repair ======================

 

C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Netflix.lnk - C:\ProgramData\OEM_E471269A730D\Netflix\StartUrl.exe

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Kelly\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kelly\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

No Flash Cache Found

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=34 folders=19 45443102 bytes)

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied
C:\Users\Kelly\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\Kelly\AppData\Roaming\????"  not deleted

 

==== EOF on Wed 09/09/2015 at 21:24:36.77 ======================

[TwinHeadedEagle]

Press Start, type CMD, then right click and Run as Administrator.

[autoeng12]

Here is the Wininit log. After chkdsk pc rebooted into safe mode. In order to use it to connect and post I used msconfig to reset the boot option. That didn't work though. It would let me paste (only by right click -paste, ctrl V wouldn't work) into a reply but when I selected "Add Reply" it would clear the text and say that I couldn't post a blank reply. I posted this from my phone.

Log Name: Application

Source: Microsoft-Windows-Wininit

Date: 9/10/2015 10:13:37 PM

Event ID: 1001

Task Category: None

Level: Information

Keywords: Classic

User: N/A

Computer: Kelly-PC

Description:

Checking file system on C:

The type of the file system is NTFS.

Volume label is ACER.

A disk check has been scheduled.

Windows will now check the disk.

Stage 1: Examining basic file system structure ...

477696 file records processed.

File verification completed.

6703 large file records processed.

0 bad file records processed.

Stage 2: Examining file name linkage ...

623106 index entries processed.

Index verification completed.

0 unindexed files scanned.

0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...

CHKDSK is compacting the security descriptor stream

Cleaning up 13282 unused security descriptors.

72706 data files processed.

CHKDSK is verifying Usn Journal...

36924904 USN bytes processed.

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...

477680 files processed.

File data verification completed.

Stage 5: Looking for bad, free clusters ...

28485310 free clusters processed.

Free space verification is complete.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

No further action is required.

299717975 KB total disk space.

184922236 KB in 394108 files.

261128 KB in 72709 indexes.

0 KB in bad sectors.

593367 KB in use by the system.

65536 KB occupied by the log file.

113941244 KB available on disk.

4096 bytes in each allocation unit.

74929493 total allocation units on disk.

28485311 allocation units available on disk.

Internal Info:

00 4a 07 00 8b 1f 07 00 85 b4 0d 00 00 00 00 00 .J..............

5f 1d 00 00 72 00 00 00 00 00 00 00 00 00 00 00 _...r...........

Windows has finished checking your disk.

Please wait while your computer restarts.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />

<EventID Qualifiers="16384">1001</EventID>

<Version>0</Version>

<Level>4</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2015-09-11T02:13:37.000000000Z" />

<EventRecordID>1273</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>Application</Channel>

<Computer>Kelly-PC</Computer>

<Security />

</System>

<EventData>

<Data>

Checking file system on C:

The type of the file system is NTFS.

Volume label is ACER.

A disk check has been scheduled.

Windows will now check the disk.

Stage 1: Examining basic file system structure ...

477696 file records processed.

File verification completed.

6703 large file records processed.

0 bad file records processed.

Stage 2: Examining file name linkage ...

623106 index entries processed.

Index verification completed.

0 unindexed files scanned.

0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...

CHKDSK is compacting the security descriptor stream

Cleaning up 13282 unused security descriptors.

72706 data files processed.

CHKDSK is verifying Usn Journal...

36924904 USN bytes processed.

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...

477680 files processed.

File data verification completed.

Stage 5: Looking for bad, free clusters ...

28485310 free clusters processed.

Free space verification is complete.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

No further action is required.

299717975 KB total disk space.

184922236 KB in 394108 files.

261128 KB in 72709 indexes.

0 KB in bad sectors.

593367 KB in use by the system.

65536 KB occupied by the log file.

113941244 KB available on disk.

4096 bytes in each allocation unit.

74929493 total allocation units on disk.

28485311 allocation units available on disk.

Internal Info:

00 4a 07 00 8b 1f 07 00 85 b4 0d 00 00 00 00 00 .J..............

5f 1d 00 00 72 00 00 00 00 00 00 00 00 00 00 00 _...r...........

Windows has finished checking your disk.

Please wait while your computer restarts.

</Data>

</EventData>

</Event>

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.

  (XP users click run after receipt of Windows Security Warning - Open File).

• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

[autoeng12]

Had to break the FRST.txt in two pieces. Too long to post.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Kelly (administrator) on KELLY-PC (11-09-2015 09:45:14)
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available Profiles: Kelly & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Corporation) C:\Windows\System32\sc.exe
(Microsoft Corporation) C:\Windows\System32\SIHClient.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-15] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2013-06-02] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-13] (Google Inc.)
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\Run: [OneDrive] => C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382144 2015-08-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2013-08-18]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk [2013-08-18]
ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{dd7a56c5-ac47-4aef-bcf5-98785d2c316f}: [DhcpNameServer] 192.168.254.254

 

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2303037246-652555962-3126454297-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2303037246-652555962-3126454297-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

 

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-09-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)

 

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Web Store) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-15] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-15] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-15] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-15] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-15] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-09-11 09:43 - 2015-09-11 09:43 - 00016148 _____ C:\WINDOWS\system32\KELLY-PC_Kelly_HistoryPrediction.bin
2015-09-10 22:13 - 2015-09-10 22:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-09 21:26 - 2015-09-09 21:26 - 00031045 _____ C:\Users\Kelly\Desktop\zoek-results.txt
2015-09-09 21:26 - 2015-09-09 21:26 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Skinux
2015-09-09 21:14 - 2015-09-09 21:14 - 00000000 ____D C:\bc7f80b6082e78fcb8632ce0ae
2015-09-09 21:09 - 2015-09-09 20:41 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-09 20:45 - 2015-09-09 21:24 - 00031045 _____ C:\zoek-results.log
2015-09-09 20:41 - 2015-09-09 21:06 - 00000000 ____D C:\zoek_backup
2015-09-09 20:38 - 2015-09-09 20:38 - 01308672 _____ C:\Users\Kelly\Desktop\zoek.exe
2015-09-08 07:11 - 2015-09-08 07:15 - 00059868 _____ C:\Users\Kelly\Downloads\Addition.txt
2015-09-08 07:08 - 2015-09-08 07:15 - 00101690 _____ C:\Users\Kelly\Downloads\FRST.txt
2015-09-08 07:08 - 2015-09-08 07:08 - 02190336 _____ (Farbar) C:\Users\Kelly\Downloads\FRST64.exe
2015-09-07 21:31 - 2015-09-07 21:31 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kelly\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-07 21:28 - 2015-09-07 21:28 - 00002466 _____ C:\Users\Kelly\Downloads\mbam-log-2015-09-02 (20-51-55).xml
2015-09-02 21:54 - 2015-08-20 02:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-02 21:54 - 2015-08-20 02:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-02 21:54 - 2015-08-20 02:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-02 21:54 - 2015-08-20 01:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-02 21:54 - 2015-08-20 01:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-02 21:54 - 2015-08-20 01:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-02 21:54 - 2015-08-20 01:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-02 21:54 - 2015-08-20 01:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-02 21:54 - 2015-08-20 01:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-02 21:54 - 2015-08-20 00:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-02 21:54 - 2015-08-18 03:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-02 21:54 - 2015-08-18 03:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-02 21:54 - 2015-08-18 03:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-02 21:54 - 2015-08-18 03:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-02 21:54 - 2015-08-18 03:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-02 21:54 - 2015-08-18 03:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-02 21:54 - 2015-08-18 03:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-02 21:54 - 2015-08-18 03:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-02 21:54 - 2015-08-18 03:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-02 21:54 - 2015-08-18 03:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-02 21:54 - 2015-08-18 03:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-02 21:54 - 2015-08-18 02:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-02 21:54 - 2015-08-18 02:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-02 21:54 - 2015-08-18 02:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-02 21:54 - 2015-08-18 02:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-02 21:54 - 2015-08-18 02:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-02 21:54 - 2015-08-18 02:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-02 21:54 - 2015-08-18 02:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-02 21:54 - 2015-08-18 02:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-02 21:54 - 2015-08-18 02:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-02 21:54 - 2015-08-18 02:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-02 21:54 - 2015-08-18 02:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-02 21:54 - 2015-08-18 02:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-02 21:54 - 2015-08-18 02:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-02 21:54 - 2015-08-18 02:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-02 21:54 - 2015-08-18 02:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-02 21:54 - 2015-08-18 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-02 21:54 - 2015-08-18 02:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-02 21:54 - 2015-08-18 02:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-02 21:54 - 2015-08-18 02:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-02 21:54 - 2015-08-18 02:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-02 21:54 - 2015-08-18 02:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-02 21:54 - 2015-08-18 02:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-02 21:54 - 2015-08-18 00:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-29 16:42 - 2015-08-29 16:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-22 15:16 - 2015-08-13 00:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 15:15 - 2015-08-13 00:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-22 15:15 - 2015-08-13 00:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-22 15:15 - 2015-08-13 00:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-22 15:15 - 2015-08-12 23:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-22 15:15 - 2015-08-11 06:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-22 15:15 - 2015-08-11 06:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-22 15:15 - 2015-08-11 06:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-22 15:15 - 2015-08-11 06:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-22 15:15 - 2015-08-11 06:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-22 15:15 - 2015-08-11 06:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-22 15:15 - 2015-08-11 06:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-22 15:15 - 2015-08-11 05:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-22 15:15 - 2015-08-11 05:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-22 15:15 - 2015-08-11 05:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 15:15 - 2015-08-11 05:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-22 15:15 - 2015-08-11 05:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-22 15:15 - 2015-08-11 05:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-22 15:15 - 2015-08-11 05:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-22 15:15 - 2015-08-11 05:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-22 15:15 - 2015-08-11 05:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-22 15:15 - 2015-08-11 05:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-22 15:15 - 2015-08-11 05:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-22 15:15 - 2015-08-11 05:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-22 15:15 - 2015-08-11 05:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-22 15:15 - 2015-08-11 05:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-22 15:15 - 2015-08-11 05:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-22 15:15 - 2015-08-11 05:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-22 15:15 - 2015-08-11 05:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-22 15:15 - 2015-08-11 05:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-22 15:15 - 2015-08-11 05:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-22 15:15 - 2015-08-11 05:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-22 15:15 - 2015-08-11 05:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-22 15:15 - 2015-08-11 05:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-22 15:15 - 2015-08-11 05:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 15:15 - 2015-08-11 05:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-22 15:15 - 2015-08-11 05:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-22 15:15 - 2015-08-11 05:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-22 15:15 - 2015-08-11 05:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-22 15:15 - 2015-08-11 05:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-22 15:15 - 2015-08-11 05:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-22 15:15 - 2015-08-11 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-22 15:15 - 2015-08-11 05:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-22 15:15 - 2015-08-11 05:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-22 15:15 - 2015-08-11 05:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-22 15:15 - 2015-08-11 05:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-22 15:15 - 2015-08-11 05:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-22 15:15 - 2015-08-11 05:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-22 15:15 - 2015-08-11 05:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-22 15:15 - 2015-08-11 05:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-22 15:15 - 2015-08-11 05:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-22 15:15 - 2015-08-11 05:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-22 15:15 - 2015-08-11 05:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-22 15:15 - 2015-08-11 05:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-22 15:15 - 2015-08-11 05:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-22 15:15 - 2015-08-11 05:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-22 15:15 - 2015-08-11 05:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-22 15:15 - 2015-08-11 04:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 15:15 - 2015-08-11 04:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-22 15:15 - 2015-08-11 04:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-22 15:15 - 2015-08-11 04:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-22 15:15 - 2015-08-11 04:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-22 15:15 - 2015-08-11 04:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-22 15:15 - 2015-08-11 04:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-22 15:15 - 2015-08-11 04:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-22 15:15 - 2015-08-11 04:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-22 15:15 - 2015-08-11 04:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-22 15:15 - 2015-08-11 04:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-22 15:15 - 2015-08-11 04:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-22 15:15 - 2015-08-11 04:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-22 15:15 - 2015-08-11 04:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-22 15:15 - 2015-08-11 04:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-22 15:15 - 2015-08-11 04:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-22 15:15 - 2015-08-11 04:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-22 15:15 - 2015-08-11 04:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-22 15:15 - 2015-08-11 04:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-22 15:15 - 2015-08-11 04:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-22 15:15 - 2015-08-11 04:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-22 15:15 - 2015-08-11 04:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-22 15:15 - 2015-08-11 04:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-18 17:11 - 2015-08-18 17:11 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-18 17:11 - 2015-08-18 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-18 17:11 - 2015-08-18 17:11 - 00000000 ____D C:\Program Files\iPod
2015-08-18 17:11 - 2015-08-18 17:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-18 17:10 - 2015-08-18 17:11 - 00000000 ____D C:\Program Files\iTunes
2015-08-16 21:23 - 2015-08-16 21:23 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-15 14:34 - 2015-08-15 11:29 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-15 14:29 - 2015-08-15 14:29 - 00000000 ____D C:\Windows.old
2015-08-15 14:28 - 2015-08-15 14:28 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-15 14:28 - 2015-08-15 14:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-15 14:27 - 2015-08-15 14:28 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-15 14:27 - 2015-08-15 14:27 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-15 14:27 - 2015-08-15 14:27 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-15 14:27 - 2015-08-15 14:27 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

 

[autoeng12]

The rest of FRST.txt

 

 

2015-08-15 14:27 - 2015-08-15 14:27 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-15 14:27 - 2015-08-15 14:27 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-15 14:27 - 2015-08-15 14:27 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-15 14:27 - 2015-08-15 14:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-15 14:22 - 2015-08-15 14:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\Program Files\MSBuild
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-15 14:17 - 2015-08-15 14:17 - 00000000 ____D C:\inetpub
2015-08-15 14:16 - 2015-06-17 22:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-15 14:16 - 2015-06-17 22:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-15 14:16 - 2015-06-17 22:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-15 14:16 - 2015-05-30 01:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-15 14:16 - 2015-05-30 01:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-15 14:16 - 2015-05-30 01:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-15 11:41 - 2015-08-15 11:39 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-08-15 11:39 - 2015-08-15 11:39 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-08-15 11:39 - 2015-08-15 11:39 - 00410792 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-08-15 11:39 - 2015-08-15 11:39 - 00246952 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31.dll
2015-08-15 11:39 - 2015-08-15 11:39 - 00231456 _____ C:\WINDOWS\system32\pca-manta.bin
2015-08-15 11:39 - 2015-08-15 11:39 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-08-15 11:39 - 2015-08-15 11:39 - 00033448 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-08-15 11:39 - 2015-08-15 11:39 - 00000092 _____ C:\WINDOWS\system32\calibration.bin
2015-08-15 11:38 - 2015-08-15 11:38 - 00002376 _____ C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-15 11:38 - 2015-08-15 11:38 - 00000000 ___RD C:\Users\Kelly\OneDrive
2015-08-15 11:37 - 2015-08-15 11:39 - 00000000 ____D C:\Users\Kelly\AppData\Local\MicrosoftEdge
2015-08-15 11:36 - 2015-08-15 11:36 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-08-15 11:36 - 2015-08-15 11:36 - 00000000 ____D C:\Users\DefaultAppPool
2015-08-15 11:36 - 2015-08-15 11:01 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 11:36 - 2015-08-15 11:01 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2015-08-15 11:36 - 2015-08-15 11:01 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
2015-08-15 11:36 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-15 11:36 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 11:36 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-15 11:36 - 2015-07-10 07:04 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-15 11:35 - 2015-08-15 11:35 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-15 11:31 - 2015-08-15 11:31 - 00000000 ____D C:\Users\Kelly\AppData\Local\Publishers
2015-08-15 11:29 - 2015-08-22 17:38 - 00000000 ____D C:\Users\Kelly\AppData\Local\Packages
2015-08-15 11:29 - 2015-08-15 11:29 - 00000020 ___SH C:\Users\Kelly\ntuser.ini
2015-08-15 11:29 - 2015-08-15 11:29 - 00000000 ____D C:\Users\Kelly\AppData\Local\TileDataLayer
2015-08-15 11:20 - 2015-08-15 11:20 - 00000000 __SHD C:\Recovery
2015-08-15 11:18 - 2015-08-15 11:18 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-15 11:17 - 2015-09-07 22:51 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-15 11:09 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-15 11:01 - 2015-08-15 11:01 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-15 11:01 - 2015-08-15 11:01 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-15 11:01 - 2015-08-15 11:01 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-15 11:01 - 2015-08-15 11:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-15 11:01 - 2015-08-15 11:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-15 10:49 - 2015-08-15 10:49 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-08-15 10:44 - 2015-08-30 12:23 - 00000000 ____D C:\Users\Kelly
2015-08-15 10:44 - 2015-08-15 11:29 - 00000000 ___RD C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 10:44 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-15 10:44 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 10:44 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-15 10:44 - 2015-07-10 07:04 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-15 10:42 - 2015-08-15 12:21 - 01005534 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-15 10:42 - 2015-08-15 10:43 - 00021209 _____ C:\WINDOWS\iis.log
2015-08-15 10:42 - 2015-08-15 10:42 - 00961296 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-15 10:40 - 2015-08-15 10:40 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-15 10:40 - 2015-08-15 10:40 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-08-15 10:39 - 2015-08-15 10:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-08-15 10:39 - 2015-08-15 10:39 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-15 10:39 - 2015-08-15 10:39 - 00000000 ____D C:\Program Files\Synaptics
2015-08-15 10:39 - 2015-08-15 10:39 - 00000000 ____D C:\Program Files\Realtek
2015-08-15 10:39 - 2015-08-15 10:39 - 00000000 ____D C:\Program Files\LSI SoftModem
2015-08-15 10:36 - 2015-08-15 10:37 - 00025623 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-15 10:35 - 2015-09-09 21:22 - 00007966 _____ C:\WINDOWS\PFRO.log
2015-08-15 09:53 - 2015-08-15 11:18 - 00006639 _____ C:\WINDOWS\comsetup.log
2015-08-15 09:50 - 2015-08-15 11:19 - 00010449 _____ C:\WINDOWS\diagerr.xml
2015-08-15 09:50 - 2015-08-15 11:19 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-08-14 13:47 - 2015-08-14 13:47 - 00000000 ____D C:\Users\Kelly\AppData\Local\GWX
2015-08-13 23:11 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-08-13 19:00 - 2015-08-13 19:01 - 00000000 ____D C:\098cb1eb87c1097aa553

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-09-11 09:47 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-11 09:46 - 2009-11-05 00:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-11 09:45 - 2014-05-14 16:50 - 00020772 _____ C:\Users\Kelly\Desktop\FRST.txt
2015-09-11 09:45 - 2014-05-14 16:50 - 00000000 ____D C:\FRST
2015-09-11 09:44 - 2014-10-14 20:23 - 00000000 ____D C:\Users\Kelly\Desktop\FRST-OlderVersion
2015-09-11 09:44 - 2014-05-14 16:49 - 02190848 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe
2015-09-11 09:42 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-10 23:00 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-10 22:51 - 2013-10-11 10:24 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 22:31 - 2013-10-11 10:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-10 22:29 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-10 22:29 - 2015-07-10 05:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-09 22:14 - 2013-08-18 20:26 - 00000000 ____D C:\WINDOWS\pss
2015-09-09 22:12 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 21:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-09 21:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 21:15 - 2013-08-04 11:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 20:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-08 07:02 - 2014-07-10 20:01 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-07 21:33 - 2014-07-10 20:01 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-07 21:33 - 2014-07-10 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-07 21:33 - 2014-07-10 20:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-29 16:42 - 2015-07-10 08:20 - 00021495 _____ C:\WINDOWS\setupact.log
2015-08-29 09:46 - 2013-10-11 10:24 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 09:46 - 2013-10-11 10:24 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 18:37 - 2010-08-14 23:48 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-23 03:30 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-22 16:15 - 2010-11-06 23:46 - 00000000 ____D C:\Users\Kelly\AppData\Local\Vivitar Experience Image Manager
2015-08-22 16:15 - 2010-08-03 06:10 - 00000000 ____D C:\Users\Kelly\AppData\Local\VirtualStore
2015-08-22 16:13 - 2010-08-21 12:25 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple Computer
2015-08-22 16:13 - 2010-08-03 06:15 - 00000000 ____D C:\Users\Kelly\AppData\Local\Google
2015-08-22 16:12 - 2014-01-30 22:42 - 00000000 ___RD C:\Users\Kelly\Google Drive
2015-08-22 16:03 - 2010-10-15 18:57 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\YoudaGames
2015-08-22 15:59 - 2012-08-15 21:02 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Skype
2015-08-22 15:59 - 2011-12-04 16:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\DVD Catalyst 4
2015-08-22 15:59 - 2011-12-02 14:39 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\HandBrake
2015-08-22 15:58 - 2013-06-20 21:42 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Azureus
2015-08-22 15:48 - 2014-04-10 19:46 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\1D Solutions
2015-08-22 15:48 - 2010-12-21 20:43 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Amazon
2015-08-22 15:48 - 2010-08-21 12:25 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Apple Computer
2015-08-22 15:48 - 2010-08-03 06:25 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Adobe
2015-08-22 15:45 - 2010-09-25 21:52 - 00000000 ____D C:\ProgramData\Kodak
2015-08-22 15:45 - 2010-09-25 12:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-22 15:42 - 2011-12-08 21:46 - 00000000 ____D C:\ProgramData\Freemake
2015-08-22 15:42 - 2010-09-03 19:28 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-08-22 15:07 - 2013-03-18 21:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-22 14:50 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-19 18:24 - 2014-01-30 22:40 - 00002119 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-19 18:24 - 2014-01-30 22:40 - 00002117 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-19 18:24 - 2014-01-30 22:40 - 00002107 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-19 18:24 - 2014-01-30 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-18 17:11 - 2010-08-21 12:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-18 17:10 - 2015-05-02 11:55 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-16 17:35 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-15 14:34 - 2015-07-10 07:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-15 14:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-15 14:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-15 14:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-15 14:29 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-15 14:29 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-15 14:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-08-15 14:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-15 14:17 - 2015-07-10 07:01 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-08-15 14:17 - 2015-07-10 07:01 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-08-15 14:17 - 2015-07-10 07:01 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-08-15 14:17 - 2015-07-10 07:01 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-08-15 14:17 - 2015-07-10 07:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-08-15 14:17 - 2015-07-10 07:01 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-08-15 14:17 - 2015-07-10 07:01 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-08-15 14:17 - 2015-07-10 07:00 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-08-15 14:17 - 2015-07-10 07:00 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-08-15 14:17 - 2015-07-10 07:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-08-15 14:17 - 2015-07-10 07:00 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-08-15 14:17 - 2015-07-10 07:00 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-08-15 14:17 - 2015-07-10 07:00 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-08-15 14:17 - 2015-07-10 07:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-08-15 14:17 - 2015-07-10 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-08-15 14:17 - 2015-07-10 07:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-08-15 14:17 - 2015-07-10 07:00 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-08-15 12:13 - 2015-07-10 08:20 - 00341856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-15 11:39 - 2009-06-18 20:12 - 00606376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-08-15 11:39 - 2009-06-18 20:10 - 00755880 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-08-15 11:39 - 2009-06-18 20:10 - 00260264 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-08-15 11:30 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-15 11:30 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-15 11:30 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-15 11:30 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-15 11:18 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-15 11:18 - 2014-04-10 19:47 - 00003110 _____ C:\WINDOWS\System32\Tasks\{9C30D5F4-2DFA-454B-9079-396B60C08921}
2015-08-15 11:17 - 2015-07-10 07:04 - 00000000 __RSD C:\WINDOWS\Media
2015-08-15 11:17 - 2015-07-10 07:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-15 11:14 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-15 11:05 - 2015-07-10 09:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-15 11:05 - 2015-07-10 07:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 11:05 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-15 11:05 - 2015-05-23 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-08-15 11:05 - 2015-05-23 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-15 11:05 - 2014-12-31 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-15 11:05 - 2014-12-02 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-15 11:05 - 2014-10-30 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-08-15 11:05 - 2014-10-28 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-15 11:05 - 2014-04-10 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1D Solutions
2015-08-15 11:05 - 2014-01-08 21:01 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-08-15 11:05 - 2013-05-23 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
2015-08-15 11:05 - 2013-03-18 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-15 11:05 - 2013-03-14 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-15 11:05 - 2011-12-08 21:46 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-15 11:05 - 2011-12-08 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-15 11:05 - 2011-12-04 16:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Catalyst
2015-08-15 11:05 - 2011-12-02 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-08-15 11:05 - 2011-12-02 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
2015-08-15 11:05 - 2011-09-11 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-08-15 11:05 - 2010-11-06 23:46 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivitar Experience Image Manager
2015-08-15 11:05 - 2010-11-06 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2015-08-15 11:05 - 2010-11-06 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2015-08-15 11:05 - 2010-09-25 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-08-15 11:05 - 2010-08-29 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintKey2000
2015-08-15 11:05 - 2010-03-08 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-08-15 11:05 - 2010-03-08 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-15 11:05 - 2010-03-08 08:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
2015-08-15 11:05 - 2010-03-08 08:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
2015-08-15 11:05 - 2009-11-05 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
2015-08-15 11:05 - 2009-11-05 01:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-15 11:05 - 2009-11-05 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2015-08-15 11:05 - 2009-10-28 13:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-15 11:05 - 2009-10-28 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
2015-08-15 11:05 - 2009-10-28 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now 5
2015-08-15 11:05 - 2009-10-28 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 8
2015-08-15 11:05 - 2009-10-28 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2015-08-15 11:05 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-15 11:01 - 2015-07-10 07:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-15 11:01 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 11:01 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 11:01 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-15 10:52 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-15 10:52 - 2011-06-26 12:05 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-08-15 10:52 - 2011-06-26 12:04 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-08-15 10:52 - 2010-08-06 22:11 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-15 10:52 - 2010-03-08 08:29 - 00000000 ____D C:\WINDOWS\SysWOW64\x64
2015-08-15 10:52 - 2010-03-08 08:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Lang
2015-08-15 10:50 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\schemas
2015-08-15 10:50 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-15 10:50 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-15 10:50 - 2015-04-16 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-15 10:50 - 2014-06-20 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2015-08-15 10:50 - 2011-11-19 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2015-08-15 10:50 - 2010-12-21 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-08-15 10:50 - 2010-12-09 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2015-08-15 10:50 - 2010-09-25 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2015-08-15 10:50 - 2009-11-05 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
2015-08-15 10:50 - 2009-10-28 14:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-15 10:49 - 2015-07-10 07:04 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-08-15 10:49 - 2015-07-10 07:04 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-08-15 10:49 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-15 10:49 - 2009-10-28 13:36 - 00000000 ____D C:\Program Files (x86)\Acer
2015-08-15 10:49 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-08-15 10:49 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-08-15 10:48 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-15 10:47 - 2015-03-22 12:18 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-08-15 10:47 - 2013-08-19 20:21 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-15 10:42 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-15 10:35 - 2015-07-10 05:05 - 00000000 __RHD C:\Users\Default
2015-08-15 10:04 - 2009-07-14 00:45 - 00025840 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-15 10:04 - 2009-07-14 00:45 - 00025840 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-15 10:03 - 2010-03-08 08:29 - 01362846 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-15 09:50 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-13 19:45 - 2013-03-25 18:41 - 00000000 ____D C:\Users\Kelly\Downloads\Man Of Purpose
2015-08-13 19:45 - 2013-03-02 06:42 - 00000000 ____D C:\Users\Kelly\Downloads\Power Of Purpose
2015-08-13 19:45 - 2011-12-04 15:33 - 00000000 ____D C:\Users\Kelly\dc4.0rt
2015-08-13 19:36 - 2014-04-16 20:12 - 00000000 ____D C:\Users\Kelly\Desktop\Pics
2015-08-13 19:36 - 2013-11-13 20:01 - 00000000 ____D C:\Users\Kelly\Desktop\References
2015-08-13 19:36 - 2011-11-09 20:43 - 00000000 __RSD C:\Users\Kelly\Documents\My Stationery
2015-08-13 19:03 - 2013-03-14 22:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 19:03 - 2013-03-14 22:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

 

==================== Files in the root of some directories =======

 

2011-09-23 21:17 - 2011-09-23 21:17 - 0000000 _____ () C:\Users\Kelly\AppData\Roaming\wklnhst.dat
2014-01-28 18:01 - 2014-01-28 18:01 - 0004608 _____ () C:\Users\Kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 22:32 - 2014-12-02 22:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-08 08:33 - 2010-03-08 08:36 - 0007830 _____ () C:\ProgramData\ArcadeDeluxe3.log
2015-08-15 10:40 - 2015-08-15 10:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-22 21:01 - 2012-10-22 21:01 - 0000024 _____ () C:\ProgramData\RNowSvc.ini

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-09-07 22:53

 

==================== End of FRST.txt ============================

​

[autoeng12]

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Kelly (2015-09-11 09:50:23)
Running from C:\Users\Kelly\Desktop
Windows 10 Home (X64) (2015-08-15 15:29:06)
Boot Mode: Normal
==========================================================

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2303037246-652555962-3126454297-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2303037246-652555962-3126454297-503 - Limited - Disabled)
Guest (S-1-5-21-2303037246-652555962-3126454297-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2303037246-652555962-3126454297-1002 - Limited - Enabled)
Kelly (S-1-5-21-2303037246-652555962-3126454297-1000 - Administrator - Enabled) => C:\Users\Kelly

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.82 - WildTangent) Hidden
1DNest - Single License (HKLM-x32\...\1DNest - Single License) (Version:  - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7006 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7006 - CyberLink Corp.) Hidden
Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.5 - WildTangent)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.7.0715 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Aiseesoft iPhone Transfer Platinum 6.1.22 (HKLM-x32\...\{7C2E211D-4B90-4bc6-BF40-E71A20BF8BE0}_is1) (Version:  - )
Altavista Toolbar (HKLM-x32\...\altavista) (Version:  - )
Amazon Kindle (HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DVD Catalyst 4.1.2.0 (HKLM-x32\...\DVD Catalyst) (Version: 4.1.2.0 - Tools4Movies)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FitLive 1.2.01 (HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\{dfc307dd-ab9f-4f7b-844c-a97d6e70cac4}_is1) (Version:  - FittingBox)
Freemake Video Converter version 3.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.0.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSkysoft Video Converter(Build 3.0.2.0) (HKLM-x32\...\iSkysoft Video Converter_is1) (Version:  - iSkysoft Software)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.01 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Monster Trucks Nitro (x32 Version: 2.2.0.82 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
OfotoXMI (x32 Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version:  - )
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.81.0 - PS3 Media Server)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.0.0.4 - Splashtop Inc.)
Splashtop Streamer (x32 Version: 2.0.0.4 - Splashtop Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - )
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.25 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Youda Survivor (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2303037246-652555962-3126454297-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points =========================

 

22-08-2015 14:50:57 Windows Modules Installer
30-08-2015 20:47:54 Windows Update
07-09-2015 21:10:33 Windows Update
09-09-2015 20:45:35 zoek.exe restore point

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2015-05-31 22:11 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0165DD66-61B4-4930-9B2F-E24621D98B24} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {01A6AAD0-8597-4014-884D-50C5BA1F51CA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {05D0F643-3878-4CBB-AF54-5F191D15C0B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0D0180CC-8D37-40E0-B683-296306207C58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0F595BC9-56F8-468D-A63B-FC06F77474FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {12CCB7A8-051E-4545-A6BF-1494327B6A95} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {15AD9000-C02A-43FA-B1D2-B0C003497520} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {16D20034-B94F-44A0-A550-539209CC95C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1DFE1A72-D9A2-470C-8F56-31DEFA9292F3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {237D6865-B7DE-4AE5-9B4D-8509FFA6992B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2B6A7BF2-BAC8-48EA-8965-5BB78F99EFD5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2CF2AEE5-E0B1-4DFC-BF8A-F0BD7FBEFF8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33C3E9BC-CED6-4DB3-8AB1-02CBA3A6CD4A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {36A6BFF0-7AF5-49B8-B577-F1ABE52749FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C76A8D5-4DA3-43B7-9271-910E38471DFB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4412BA83-0FA2-4794-8C4D-ECD840B3C6F1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {484C2C09-8DF8-497C-9D4F-F8EABBEF5ABB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {49196039-89E5-4804-9302-6003F297CE04} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {49E71A09-16AC-468D-A1EA-BDB52612C242} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {4C5BF42A-8957-4E84-B20F-C0F094C3D971} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4FC05FBB-8E8C-494D-9620-15F3CB0D2FEA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {507F99D9-6945-4B27-93F5-D6444C740351} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5541BAA2-37E1-4CBE-B795-729D1B31A97C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {580F54BF-BF3A-46B2-B911-0D2842DB2C8F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {64A6C7E9-EDB5-44B3-870B-D4AB4F7BBF7B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {74A726EA-526D-4EE6-A5DB-647BD2A6EB9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {78785BEA-193D-4043-B088-64285A4DFA29} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8D3F43D5-6EDC-4A02-941F-A5C17D4FD03F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-15] (Microsoft Corporation)
Task: {9420C291-43CF-4126-9796-A370442BDAD4} - System32\Tasks\{9C30D5F4-2DFA-454B-9079-396B60C08921} => C:\Program Files (x86)\1D-Solutions\1DNest.exe [2014-03-13] (1D Solutions)
Task: {954B0D80-872C-4780-9857-B83051838F35} - \Security Center Update - 1289283488 -> No File <==== ATTENTION
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A63065B1-46B5-4238-9BB4-06660B498BC8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AF1BC45B-BF4C-463E-A414-6DDF0B2CB760} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {BBC75DF4-FE21-4A98-96EE-FC4513183303} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C4D639D2-C6C4-4F8F-BF6B-14B34D35A49B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CF013B07-6B74-4049-BB00-DE77D5928EF0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {DA1045D5-4920-4FB0-80A9-9598C1963D62} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {DB8719A4-B0E3-4777-8B96-D8B8993B1F6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E5CDF517-AA02-4DB7-96A3-BBC3AFF1E5D5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E6BF7FDA-7805-4B60-84C9-FEC4D33C4666} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EA0B18EE-868F-45C7-BE38-91A8DFAC9295} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {EBAFC29A-191D-46FC-8CEB-F7979AD9E9CE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {F0A4D1E7-96BC-41F3-A536-693F8FF1B33E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F0B44F4C-89FC-4329-85A8-1CCE35DDB6A6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {FC437816-6177-493C-80CF-EFE5A0670998} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-08-15 14:27 - 2015-08-15 14:27 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-22 15:15 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-03-21 21:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-02 21:54 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-02 21:54 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-17 17:23 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-22 15:15 - 2015-08-11 04:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-15 14:27 - 2015-08-15 14:27 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-29 09:44 - 2015-08-29 09:44 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-08-29 09:44 - 2015-08-29 09:44 - 11606528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-07-10 09:17 - 2015-07-10 09:17 - 07897088 _____ () C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
2009-02-02 21:33 - 2009-02-02 21:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-28 21:55 - 2008-09-28 21:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-27 10:10 - 2010-09-25 21:55 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2010-01-27 10:01 - 2010-09-25 21:55 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2010-01-27 09:58 - 2010-09-25 21:55 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2010-01-27 09:57 - 2010-09-25 21:55 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2010-01-27 10:19 - 2010-09-25 21:55 - 00233984 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2010-01-27 09:51 - 2010-09-25 21:55 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2010-01-27 10:28 - 2010-09-25 21:55 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2010-01-27 09:43 - 2010-09-25 21:55 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2010-09-25 21:55 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2010-01-27 10:22 - 2010-09-25 21:55 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2010-01-27 09:53 - 2010-09-25 21:55 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2010-01-27 10:50 - 2010-09-25 21:55 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2010-01-27 10:05 - 2010-09-25 21:55 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2010-01-27 09:57 - 2010-09-25 21:55 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2010-01-27 11:33 - 2010-09-25 21:55 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 21:19 - 2010-09-25 21:55 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 21:21 - 2010-09-25 21:55 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 21:20 - 2010-09-25 21:55 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 21:19 - 2010-09-25 21:55 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 21:20 - 2010-09-25 21:55 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 21:21 - 2010-09-25 21:55 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 21:21 - 2010-09-25 21:55 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2009-09-28 21:19 - 2010-09-25 21:55 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2010-01-27 10:54 - 2010-09-25 21:55 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2010-01-27 10:18 - 2010-09-25 21:55 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2010-01-27 10:17 - 2010-09-25 21:55 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2010-01-27 09:50 - 2010-09-25 21:55 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2010-01-27 08:21 - 2010-09-25 21:55 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2010-01-27 11:41 - 2010-09-25 21:55 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2010-01-27 10:51 - 2010-09-25 21:55 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2010-01-27 11:01 - 2010-09-25 21:55 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2010-01-27 10:39 - 2010-09-25 21:55 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2010-01-27 11:39 - 2010-09-25 21:55 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2010-01-27 09:51 - 2010-09-25 21:55 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\facebook.com -> hxxps://www.facebook.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\roxio.com -> hxxps://roxio.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\roxionow.com -> hxxp://roxionow.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\roxionow.com -> hxxps://roxionow.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\sonic.com -> hxxp://sonic.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\sonic.com -> hxxps://sonic.com
IE trusted site: HKU\S-1-5-21-2303037246-652555962-3126454297-1000\...\torproject.org -> hxxps://www.torproject.org

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2303037246-652555962-3126454297-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kelly\AppData\Local\Microsoft\Windows\Themes\img8.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Kelly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^3220AE9B7.lnk => C:\Windows\pss\3220AE9B7.lnk.Startup

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{3A8DD7D9-3230-45BC-A49C-8E4AC8C41785}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{14A5FC26-C172-4701-814C-EA3749A1CA26}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1B1235E0-0F2E-4F52-A55D-318B6C2228D7}] => (Allow) C:\Users\Kelly\AppData\Local\Temp\7zS0FF1\HPDiagnosticCoreUI.exe
FirewallRules: [{216C0F62-6A28-4699-AA0D-CBE664F28BFE}] => (Allow) C:\Users\Kelly\AppData\Local\Temp\7zS0FF1\HPDiagnosticCoreUI.exe
FirewallRules: [{7B78CBE9-6EE4-444C-9EB6-09CBDE35ABB2}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{29F8FCD2-BB7B-4070-A0E0-73E772793451}] => (Allow) LPort=5357
FirewallRules: [{F50009FB-BEB0-47FC-897A-9DD9B3C616C1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{75850076-476C-4017-A086-E13553380C5F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{241F52E6-5AEF-4F18-8187-A01D4EEC3DCB}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
FirewallRules: [{32F9B97D-1957-452B-9A0F-EA07CA2A42C8}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{57B41536-3676-4F39-BEFD-5FC06E217B49}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{BEBDA8C2-E98B-4BB2-A59F-82CF99D54426}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1C71EEC7-998F-472B-8AE9-EFBFD742DE13}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{72188BEC-DB9B-47E9-BAD0-6DF48F21C243}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{B340255E-D2CC-4277-9869-A93CCFA2E6D6}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [uDP Query User{BAEFE7B0-1485-4302-8346-5E758493D6DA}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [TCP Query User{130BA7FF-0A0D-49B2-8F6F-CD722A591791}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{EEE9B452-7A6A-4F77-BD7F-37253909E265}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{497A098D-B598-433F-ABE9-FD3582917169}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [uDP Query User{88FFA3AB-81D8-4D1D-A322-D5C62133748F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{11DCA0B8-BB7F-487D-9703-4C9853AC75F2}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{6AE3F12A-C477-4BD6-B0B7-03DC513750FE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B7731FA5-C82E-450F-BDC7-FEA268630B2C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [uDP Query User{E51AD213-0A43-45E5-8807-3EF1C055A8B9}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{3148ACFB-3A79-4208-89F1-0C12F91A2F34}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [uDP Query User{BF61334D-52FC-42B8-81CA-AF04AFB8720F}C:\users\kelly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kelly\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BA2E103B-A124-44BF-A0E2-A513D4BC59DC}C:\users\kelly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kelly\appdata\roaming\spotify\spotify.exe
FirewallRules: [{857D49CF-F343-4D1A-928C-C0350B4080D9}] => (Allow) C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe
FirewallRules: [{35BBB239-B46F-47E5-B6EE-B65A6F0A5563}] => (Allow) C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe
FirewallRules: [{9968D61A-048A-4095-AEAD-B0739787C67B}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\CNUpdater.exe
FirewallRules: [{030DC60F-C59E-4466-8BE7-7972234B018A}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\CNUpdater.exe
FirewallRules: [{699C92D5-2D7E-440B-B13D-683EA80555AE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [uDP Query User{5E598C18-01E1-447A-AF78-1FEEA3B44567}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe] => (Allow) C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [TCP Query User{7130436B-A5AB-423A-9C25-4D4C10E9C6BD}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe] => (Allow) C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [{862B481D-4B0C-4982-BA6B-91EF94BCEEF2}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{8DA0FDCD-6AEA-49EB-B70A-8CF1DF78D5F4}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{286B7152-B56F-4045-9B73-EDA7FAE6AA46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C5DB610-D4B3-4ECF-B51F-A7AD3442DB53}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4911E685-0F13-4E73-8B2E-871327AE9DB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5ACB2F2-09C1-4CB8-80EA-B2A511B3F896}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [uDP Query User{0D97EC99-3FF7-4FA8-A991-59E676E91DEF}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{968F021F-AA3F-4C0A-9FCD-AADC92C95440}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{79B19056-9599-49BF-84E9-FEC371162CA0}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{72D37FA3-9A65-4A18-AF43-18400DC21383}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D59CF93C-A54C-41BC-ACF5-933A8361AC77}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [uDP Query User{EFFEA1B1-971A-4147-B4FB-3CAA636015EA}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{6E8536B9-80F9-4AD6-A10B-339D639A5F14}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{783C3E33-D77B-4A48-BF28-F25184DF7379}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{4806FC53-F211-4B32-8727-CE52F8DC4E5C}] => (Allow) svchost.exe
FirewallRules: [{90C37421-3288-49CD-B93C-020445CD3B39}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B0A565C3-1044-4341-A2B0-84C158C33E2C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{AC789266-15C5-4DC5-B8FA-5B1CD5AC064E}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{E7819C6B-A2C5-49B2-B25C-DEC8171BD6E6}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{912E473B-52AA-45A1-8A98-C1D7FDFF4F38}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{6CD95920-F82B-41CE-89F8-05CE199D6FAF}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{3DC7FB56-B488-4F98-AFBE-814A638EB90A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{0584C4F0-F225-4D4C-9E47-0253EFDA52EA}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{D44B1660-1054-4F94-B4A6-92F0CC1C08FC}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{21794B7D-038C-46C3-ABB2-BA02D7D5331A}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{F7D2772F-0B81-426F-8578-141D6C46D434}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{755E2A34-5970-4D59-9516-848F34F28839}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{486B1D59-0926-4A18-B136-4DFAF73F0E31}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

 

Application errors:
==================
Error: (09/11/2015 09:49:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 15.827.16340.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 15e0

 

Start Time: 01d0ec3df569eda1

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

 

Report Id: e6a5a846-588b-11e5-9bd1-00262d935f39

 

Faulting package full name: Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: App

 

Error: (09/10/2015 10:43:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10240.16384, time stamp: 0x559f3853
Faulting module name: EDGEHTML.dll, version: 11.0.10240.16463, time stamp: 0x55d563d4
Exception code: 0xc0000602
Fault offset: 0x000000000053d856
Faulting process id: 0xa44
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

 

Error: (09/10/2015 10:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10240.16384, time stamp: 0x559f3853
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0x80000003
Fault offset: 0x000000000002a1c8
Faulting process id: 0xa44
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

 

Error: (09/10/2015 10:39:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10240.16384, time stamp: 0x559f3853
Faulting module name: EDGEHTML.dll, version: 11.0.10240.16463, time stamp: 0x55d563d4
Exception code: 0xc0000602
Fault offset: 0x000000000053d856
Faulting process id: 0x1520
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

 

Error: (09/10/2015 10:39:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10240.16384, time stamp: 0x559f3853
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0x80000003
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1520
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

 

Error: (09/10/2015 10:28:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kelly-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (09/10/2015 10:28:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16431, time stamp: 0x55c9bba1
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55bebfac
Exception code: 0x80000003
Fault offset: 0x0000000000151c23
Faulting process id: 0x730
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

 

Error: (09/10/2015 10:28:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kelly-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (09/10/2015 10:28:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16431, time stamp: 0x55c9bba1
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55bebfac
Exception code: 0x80000003
Fault offset: 0x0000000000151c23
Faulting process id: 0x4fc
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

 

Error: (09/10/2015 10:28:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kelly-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

System errors:
=============
Error: (09/11/2015 09:43:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

 

Error: (09/11/2015 09:43:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

 

Error: (09/11/2015 09:42:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

 

Error: (09/10/2015 11:02:57 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

 

Error: (09/10/2015 11:02:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

 

Error: (09/10/2015 11:02:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

 

Error: (09/10/2015 10:45:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (09/10/2015 10:29:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

 

Error: (09/10/2015 10:28:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

 

Error: (09/10/2015 10:28:32 PM) (Source: DCOM) (EventID: 10005) (User: Kelly-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Microsoft Office:
=========================
Error: (09/11/2015 09:49:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Microsoft.Photos.exe15.827.16340.015e001d0ec3df569eda14294967295C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exee6a5a846-588b-11e5-9bd1-00262d935f39Microsoft.Windows.Photos_15.827.16340.0_x64__8wekyb3d8bbweApp

 

Error: (09/10/2015 10:43:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: microsoftedgecp.exe11.0.10240.16384559f3853EDGEHTML.dll11.0.10240.1646355d563d4c0000602000000000053d856a4401d0ec3b0a27b650C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\EDGEHTML.dll66748778-c971-4933-9003-c97b0363eb82Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge

 

Error: (09/10/2015 10:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: microsoftedgecp.exe11.0.10240.16384559f3853KERNELBASE.dll10.0.10240.16384559f38c380000003000000000002a1c8a4401d0ec3b0a27b650C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\system32\KERNELBASE.dll5590a7c3-a2ee-4006-8d5c-2905aa870183Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge

 

Error: (09/10/2015 10:39:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: microsoftedgecp.exe11.0.10240.16384559f3853EDGEHTML.dll11.0.10240.1646355d563d4c0000602000000000053d856152001d0ec3a59bcbc92C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\EDGEHTML.dllcbef7b5a-ce1e-43d6-a71f-138d66a856d2Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge

 

Error: (09/10/2015 10:39:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: microsoftedgecp.exe11.0.10240.16384559f3853KERNELBASE.dll10.0.10240.16384559f38c380000003000000000002a1c8152001d0ec3a59bcbc92C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\system32\KERNELBASE.dll617ca40a-42d8-49e7-adcb-ad802069beeaMicrosoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge

 

Error: (09/10/2015 10:28:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kelly-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147023170

 

Error: (09/10/2015 10:28:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchUI.exe10.0.10240.1643155c9bba1CortanaApi.dll0.0.0.055bebfac800000030000000000151c2373001d0ec3987a20f28C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dlleb0d5ca5-8ff9-4291-82cd-89ebc4c76606Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyCortanaUI

 

Error: (09/10/2015 10:28:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kelly-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147023170

 

Error: (09/10/2015 10:28:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchUI.exe10.0.10240.1643155c9bba1CortanaApi.dll0.0.0.055bebfac800000030000000000151c234fc01d0ec3986a5bd9cC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll7d76c638-88ca-4f9c-9b06-d0ade28c0b9bMicrosoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyCortanaUI

 

Error: (09/10/2015 10:28:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kelly-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147023170

 

CodeIntegrity:
===================================
  Date: 2015-09-11 09:44:11.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-10 19:47:14.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-09 21:17:52.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-09 20:46:34.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-09 20:46:34.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-08 07:17:00.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-08 07:17:00.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-08 07:17:00.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-08 07:17:00.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-08 07:16:59.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

==================== Memory info ===========================

 

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 45%
Total physical RAM: 3000.92 MB
Available physical RAM: 1621.62 MB
Total Virtual: 6072.92 MB
Available Virtual: 4514.36 MB

 

==================== Drives ================================

 

Drive c: (ACER) (Fixed) (Total:285.83 GB) (Free:108.1 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2D812D81)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=449 MB) - (Type=27)

 

==================== End of Addition.txt ============================

​

[TwinHeadedEagle]

Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.

[autoeng12]

Sorry, I forgot. Here are the files attached.

Addition.txt

FRST.txt

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.

  (XP users click run after receipt of Windows Security Warning - Open File).

• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt

[autoeng12]

Here's the log.

Fixlog.txt

[TwinHeadedEagle]

How is your PC behaving now?

[autoeng12]

I have been called out of town on a business trip. I only got to use it for a few minutes. I will update this as required to keep this open and when I get home will report performance.

[TwinHeadedEagle]

Okay, keep me updated.

[TwinHeadedEagle]

Still with me?

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!