Jump to content

Fixing a friend's laptop

CaptKA

By CaptKA
in Resolved Malware Removal Logs

 Share

Recommended Posts

CaptKA

CaptKA

Posted
Posted

Hi,

I'm trying to fix a friend's laptop that's (I believe) is infected with vundo- it looks unfortunately familiar.

I've attached the first-run files from FRST.

 

Any help is greatly appreciated.  I got a 1year subscription for the rest of the family (I'm on linux mint) and have recommended you to countless friends/colleagues.

 

Thanks,

Clint

 

 

Addition.txt

FRST.txt

Link to post
Share on other sites
TwinHeadedEagle

TwinHeadedEagle

Posted
Posted

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

mbam-old.png Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
After that follow my next instructions to download & install the newset MBAM version.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
Link to post
Share on other sites
CaptKA

CaptKA

Posted
  • Author
Posted
Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/22/2015

Scan Time: 7:30 PM

Logfile: scanlog.txt

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.10.22.07

Rootkit Database: v2015.10.16.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: killme

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 340344

Time Elapsed: 32 min, 24 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

Thank you TwinHeadedEagle!

For what it's worth, there is nothing of value on this computer, so no backup is necessary or "kid gloves".  Unfortunately, In it's current state, I can't access the recovery drive to wipe it clean.  Just thought you might want to know that.  Once again, I appreciate your help.
Link to post
Share on other sites
TwinHeadedEagle

TwinHeadedEagle

Posted
Posted

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
Link to post
Share on other sites
CaptKA

CaptKA

Posted
  • Author
Posted
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01

Ran by killme (administrator) on HELEN-LAPTOP (23-10-2015 06:34:20)

Running from C:\Users\killme\Desktop

Loaded Profiles: killme (Available Profiles: killme)

Platform: Windows 10 Home (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x60

HKU\S-1-5-21-2876596647-219202347-903480905-1006\...\MountPoints2: E - "E:\setup.exe" 

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{4ee91638-dbfb-4f3e-99b4-f705ebcd7de1}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{e582cc2d-edf2-496d-9555-ab744c48b264}: [DhcpNameServer] 192.168.12.22 200.201.204.5

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com

HKU\S-1-5-21-2876596647-219202347-903480905-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-09] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-09] ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-22] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-09] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-09] (Google Inc.)

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-10-18] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4320280 2015-10-18] (Qualcomm Atheros Communications, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-23 06:34 - 2015-10-23 06:35 - 00010942 _____ C:\Users\killme\Desktop\FRST.txt

2015-10-23 06:30 - 2015-10-23 06:30 - 00016148 _____ C:\WINDOWS\system32\HELEN-LAPTOP_killme_HistoryPrediction.bin

2015-10-22 19:47 - 2015-10-22 19:47 - 00000000 ____D C:\WINDOWS\LastGood.Tmp

2015-10-22 19:47 - 2015-10-22 19:47 - 00000000 ____D C:\Program Files\AMD

2015-10-22 19:45 - 2015-10-22 19:45 - 30767648 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 25315360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 21637664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys

2015-10-22 19:45 - 2015-10-22 19:45 - 09065336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 08957368 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 08085016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 07556192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap

2015-10-22 19:45 - 2015-10-22 19:45 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap

2015-10-22 19:45 - 2015-10-22 19:45 - 00883232 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00737410 _____ C:\WINDOWS\system32\atiicdxx.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00689696 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe

2015-10-22 19:45 - 2015-10-22 19:45 - 00682016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys

2015-10-22 19:45 - 2015-10-22 19:45 - 00350240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe

2015-10-22 19:45 - 2015-10-22 19:45 - 00322868 _____ C:\WINDOWS\system32\ativvaxy_vi.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00321200 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00263200 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe

2015-10-22 19:45 - 2015-10-22 19:45 - 00255808 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00252448 _____ C:\WINDOWS\system32\clinfo.exe

2015-10-22 19:45 - 2015-10-22 19:45 - 00250884 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00234420 _____ C:\WINDOWS\system32\ativvaxy_cik.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00232752 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00208416 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00177696 _____ C:\WINDOWS\system32\atieah64.exe

2015-10-22 19:45 - 2015-10-22 19:45 - 00174112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00172432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00161312 _____ C:\WINDOWS\SysWOW64\atieah32.exe

2015-10-22 19:45 - 2015-10-22 19:45 - 00159264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00153104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00144928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00140240 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin

2015-10-22 19:45 - 2015-10-22 19:45 - 00140016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin

2015-10-22 19:45 - 2015-10-22 19:45 - 00131104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00122128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00120352 _____ C:\WINDOWS\system32\hsa-thunk64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00119840 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00110624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00106528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00103968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat

2015-10-22 19:45 - 2015-10-22 19:45 - 00098336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00097584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00092704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00090640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00087072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00087072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00068640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe

2015-10-22 19:45 - 2015-10-22 19:45 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin

2015-10-22 19:45 - 2015-10-22 19:45 - 00047136 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00043408 _____ C:\WINDOWS\system32\kapp_si.sbin

2015-10-22 19:45 - 2015-10-22 19:45 - 00021536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll

2015-10-22 19:45 - 2015-10-22 19:45 - 00021536 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll

2015-10-22 19:44 - 2015-10-22 19:45 - 12171720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 47800864 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 27553312 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 22336032 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 15734304 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 14319648 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 10285304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 09280352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 07650592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 01485552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 01265184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 01230864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 01204784 _____ C:\WINDOWS\system32\amdocl_as64.exe

2015-10-22 19:44 - 2015-10-22 19:44 - 01079344 _____ C:\WINDOWS\system32\amdocl_ld64.exe

2015-10-22 19:44 - 2015-10-22 19:44 - 01012784 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe

2015-10-22 19:44 - 2015-10-22 19:44 - 00944160 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00944160 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00816176 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe

2015-10-22 19:44 - 2015-10-22 19:44 - 00660912 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb

2015-10-22 19:44 - 2015-10-22 19:44 - 00660912 _____ C:\WINDOWS\system32\atiapfxx.blb

2015-10-22 19:44 - 2015-10-22 19:44 - 00459808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00384544 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe

2015-10-22 19:44 - 2015-10-22 19:44 - 00097584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00090640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00082464 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00079904 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00076832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00073248 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00069664 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00066592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll

2015-10-22 19:44 - 2015-10-22 19:44 - 00060960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll

2015-10-22 19:43 - 2015-10-22 19:44 - 39732768 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 06493728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 05084704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00830516 _____ C:\WINDOWS\system32\amdicdxx.dat

2015-10-22 19:43 - 2015-10-22 19:43 - 00484176 _____ C:\WINDOWS\system32\amdmiracast.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00315120 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys

2015-10-22 19:43 - 2015-10-22 19:43 - 00222240 _____ C:\WINDOWS\system32\amdgfxinfo64.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00207392 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat

2015-10-22 19:43 - 2015-10-22 19:43 - 00162096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00152096 _____ C:\WINDOWS\system32\amdhdl64.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00148400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00140832 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00127440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00120080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00068128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll

2015-10-22 19:43 - 2015-10-22 19:43 - 00056864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll

2015-10-22 19:27 - 2015-10-22 19:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-10-22 19:23 - 2015-10-22 19:23 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-22 19:23 - 2015-10-22 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-22 19:22 - 2015-10-22 19:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-10-22 19:22 - 2015-10-22 19:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-10-22 19:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-10-22 19:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-10-22 19:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2015-10-22 19:12 - 2015-10-22 18:48 - 22908888 _____ (Malwarebytes ) C:\Users\killme\Desktop\mbam-setup-2.2.0.1024.exe

2015-10-22 19:12 - 2015-10-22 18:46 - 00321848 _____ (Malwarebytes Corporation) C:\Users\killme\Desktop\mbam-clean-2.1.1.1001.exe

2015-10-21 19:24 - 2015-10-23 06:34 - 00000000 ____D C:\FRST

2015-10-21 19:07 - 2015-10-21 18:50 - 02196480 _____ (Farbar) C:\Users\killme\Desktop\FRST64.exe

2015-10-21 19:07 - 2015-10-21 18:44 - 06383209 _____ C:\Users\killme\Desktop\mbam-chameleon-3.1.25.0.zip

2015-10-19 19:47 - 2015-10-19 19:49 - 00000000 ____D C:\Users\killme\AppData\Local\Comms

2015-10-19 19:13 - 2015-10-19 19:16 - 00000000 ___HD C:\$Windows.~BT

2015-10-19 18:43 - 2015-10-21 18:45 - 00003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask

2015-10-18 16:32 - 2015-10-18 16:32 - 00000000 ____D C:\Users\killme\AppData\Roaming\Hewlett-Packard

2015-10-18 16:31 - 2015-10-18 16:31 - 00002379 _____ C:\Users\killme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2015-10-18 16:31 - 2015-10-18 16:31 - 00000000 ___RD C:\Users\killme\OneDrive

2015-10-18 16:29 - 2015-10-18 16:29 - 00000000 ____D C:\Users\killme\AppData\Roaming\Synaptics

2015-10-18 16:28 - 2015-10-18 16:28 - 00000000 ____D C:\Users\killme\AppData\Local\Hewlett-Packard

2015-10-18 16:27 - 2015-10-18 16:27 - 00000000 ____D C:\Users\killme\AppData\Local\Publishers

2015-10-18 16:27 - 2015-10-18 16:27 - 00000000 ____D C:\Users\killme\AppData\Local\Power2Go8

2015-10-18 16:26 - 2015-10-22 20:10 - 00000000 ____D C:\Users\killme\AppData\Local\Packages

2015-10-18 16:26 - 2015-10-18 16:26 - 00000000 ____D C:\Users\killme\AppData\Roaming\Adobe

2015-10-18 16:26 - 2015-10-18 16:26 - 00000000 ____D C:\Users\killme\AppData\Local\VirtualStore

2015-10-18 16:25 - 2015-10-18 16:25 - 00000020 ___SH C:\Users\killme\ntuser.ini

2015-10-18 16:25 - 2015-10-18 16:25 - 00000000 ____D C:\Users\killme\AppData\Local\TileDataLayer

2015-10-18 16:24 - 2015-10-18 16:26 - 00000000 ___RD C:\Users\killme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-10-18 16:24 - 2015-10-18 16:25 - 00000000 ____D C:\Users\killme\AppData\Local\Google

2015-10-18 16:24 - 2015-10-17 23:15 - 00000000 ____D C:\Users\killme\AppData\Roaming\TuneUp Software

2015-10-18 16:24 - 2015-10-17 23:15 - 00000000 ____D C:\Users\killme\AppData\LocalGoogle

2015-10-18 16:24 - 2015-07-10 06:04 - 00000000 __RSD C:\Users\killme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

2015-10-18 16:24 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\killme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-10-18 16:24 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\killme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-10-18 16:24 - 2015-07-10 06:04 - 00000000 ____D C:\Users\killme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-10-18 16:23 - 2015-10-23 06:30 - 00000000 ____D C:\Users\killme

2015-10-18 16:23 - 2015-10-18 16:23 - 00016148 _____ C:\WINDOWS\system32\HELEN-LAPTOP_jeffrey johnson_HistoryPrediction.bin

2015-10-18 11:45 - 2015-10-19 22:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-10-18 11:44 - 2015-10-18 12:58 - 00000000 ____D C:\Users\Public\Documents\mbar

2015-10-18 11:39 - 2015-10-18 14:21 - 00000000 ____D C:\AdwCleaner

2015-10-18 10:22 - 2015-10-18 10:22 - 04320280 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys

2015-10-18 10:11 - 2015-10-18 10:11 - 00000000 ____D C:\ProgramData\Microsoft OneDrive

2015-10-18 10:00 - 2015-08-18 23:50 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-10-18 10:00 - 2015-07-25 01:29 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2015-10-18 10:00 - 2015-07-24 23:54 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2015-10-18 10:00 - 2015-07-21 22:52 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2015-10-18 01:56 - 2015-10-19 19:16 - 00000000 ___DC C:\WINDOWS\Panther

2015-10-18 01:51 - 2015-10-18 01:51 - 00000000 ____D C:\Windows.old

2015-10-18 01:50 - 2015-10-18 01:50 - 00008192 _____ C:\WINDOWS\system32\config\userdiff

2015-10-18 01:44 - 2015-10-18 01:44 - 00000000 ____D C:\Program Files\Reference Assemblies

2015-10-18 01:44 - 2015-10-18 01:44 - 00000000 ____D C:\Program Files\MSBuild

2015-10-18 01:44 - 2015-10-18 01:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2015-10-18 01:44 - 2015-10-18 01:44 - 00000000 ____D C:\Program Files (x86)\MSBuild

2015-10-18 01:44 - 2015-10-18 01:44 - 00000000 ____D C:\inetpub

2015-10-18 01:43 - 2015-06-17 21:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2015-10-18 01:43 - 2015-06-17 21:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2015-10-18 01:43 - 2015-06-17 21:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2015-10-18 01:43 - 2015-05-30 00:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2015-10-18 01:43 - 2015-05-30 00:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-10-18 01:43 - 2015-05-30 00:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2015-10-17 23:30 - 2015-10-17 23:30 - 00000000 __SHD C:\Recovery

2015-10-17 23:28 - 2015-10-17 23:28 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle

2015-10-17 23:15 - 2015-10-17 23:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2015-10-17 23:14 - 2015-10-17 23:14 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-10-17 23:08 - 2015-10-17 23:08 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2015-10-17 23:04 - 2015-10-22 20:19 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-10-17 23:04 - 2015-10-17 23:08 - 00011587 _____ C:\WINDOWS\iis.log

2015-10-17 23:04 - 2015-10-17 23:04 - 00925184 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2015-10-17 23:01 - 2015-07-10 05:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

2015-10-17 23:00 - 2015-10-17 23:00 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job

2015-10-17 23:00 - 2015-10-17 23:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf

2015-10-17 23:00 - 2015-10-17 23:00 - 00000000 ____D C:\WINDOWS\system32\SRSLabs

2015-10-17 23:00 - 2015-10-17 23:00 - 00000000 ____D C:\Program Files\Synaptics

2015-10-17 22:58 - 2015-10-17 22:59 - 00032226 _____ C:\WINDOWS\system32\NetSetupMig.log

2015-10-17 22:57 - 2015-10-23 06:29 - 00018498 _____ C:\WINDOWS\PFRO.log

2015-10-17 22:12 - 2015-10-17 23:29 - 00006701 _____ C:\WINDOWS\comsetup.log

2015-10-17 19:22 - 2015-10-17 23:25 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-17 19:22 - 2015-10-17 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-10-17 18:47 - 2015-10-17 23:28 - 00004092 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1AF87170-925F-4544-AAA6-6CDB037C6526}

2015-10-17 18:44 - 2015-10-17 22:24 - 00000000 ____D C:\Users\TEMP.HELEN-LAPTOP.001

2015-10-17 14:42 - 2015-10-17 23:28 - 00004092 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{97BB5A66-EF3C-4F7A-981D-0EA73A5B5343}

2015-10-17 14:42 - 2015-10-17 14:42 - 00000020 ___SH C:\Users\TEMP.HELEN-LAPTOP.000\ntuser.ini

2015-10-17 14:40 - 2015-10-17 18:41 - 00000000 ____D C:\Users\TEMP.HELEN-LAPTOP.000

2015-10-17 14:40 - 2012-08-16 22:52 - 00000000 ___HD C:\Users\TEMP.HELEN-LAPTOP.000\Documents\hp.system.package.metadata

2015-10-17 13:15 - 2015-10-17 23:28 - 00004092 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9D0912AB-49A2-46DE-8BE9-4B464C7B5D93}

2015-10-17 13:15 - 2015-10-17 13:15 - 00000020 ___SH C:\Users\TEMP.HELEN-LAPTOP\ntuser.ini

2015-10-17 13:13 - 2015-10-17 14:37 - 00000000 ____D C:\Users\TEMP.HELEN-LAPTOP

2015-10-17 13:13 - 2012-08-16 22:52 - 00000000 ___HD C:\Users\TEMP.HELEN-LAPTOP\Documents\hp.system.package.metadata

2015-10-17 10:20 - 2015-10-17 23:29 - 00004092 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B337D40-8FC6-4735-9346-33B6088469F2}

2015-10-17 09:50 - 2015-10-17 23:28 - 00004092 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C12FE4D-E86A-423A-9FED-9A8058640C56}

2015-10-17 09:18 - 2015-10-17 23:29 - 00004092 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D7DC42B2-1C76-4554-9584-D1F457E27BD9}

2015-10-17 09:18 - 2015-10-17 09:18 - 00000020 ___SH C:\Users\TEMP\ntuser.ini

2015-10-17 09:16 - 2015-10-17 09:41 - 00000000 ____D C:\Users\TEMP

2015-10-17 09:16 - 2012-08-16 22:52 - 00000000 ___HD C:\Users\TEMP\Documents\hp.system.package.metadata

2015-10-15 20:33 - 2015-10-17 23:29 - 00004092 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B381259-5C12-4A95-9E95-B6D6200EE652}

2015-10-15 20:28 - 2015-10-15 20:28 - 00000000 __SHD C:\found.000

2015-10-10 16:00 - 2015-10-22 19:15 - 00000000 ____D C:\reg

2015-10-10 14:57 - 2015-10-10 14:57 - 00000000 ___HD C:\$Windows.~WS

2015-10-10 12:17 - 2015-10-19 19:16 - 00001908 _____ C:\WINDOWS\diagwrn.xml

2015-10-10 12:17 - 2015-10-19 19:16 - 00001908 _____ C:\WINDOWS\diagerr.xml

2015-10-10 10:47 - 2015-10-10 10:51 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-10-09 21:25 - 2015-10-22 19:06 - 00000000 ____D C:\WINDOWS\pss

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-23 06:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-10-23 06:31 - 2013-02-12 18:54 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-23 06:30 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-10-23 06:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru

2015-10-23 06:25 - 2013-02-12 18:54 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-22 20:29 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log

2015-10-22 20:04 - 2013-05-25 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-10-22 19:28 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\appcompat

2015-10-22 19:18 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-10-22 19:10 - 2015-07-10 07:20 - 00001007 _____ C:\WINDOWS\setupact.log

2015-10-19 19:13 - 2015-07-10 07:20 - 00000000 _____ C:\WINDOWS\setuperr.log

2015-10-18 12:59 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Help

2015-10-18 10:23 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

2015-10-18 10:08 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2015-10-18 10:08 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PrintDialog

2015-10-18 10:08 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\MiracastView

2015-10-18 10:08 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2015-10-18 10:02 - 2015-07-10 07:20 - 00198776 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-10-18 10:01 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-10-18 10:00 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\restore

2015-10-18 01:56 - 2015-07-10 06:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template

2015-10-18 01:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv

2015-10-18 01:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv

2015-10-18 01:44 - 2015-07-10 06:01 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll

2015-10-18 01:44 - 2015-07-10 06:01 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll

2015-10-18 01:44 - 2015-07-10 06:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll

2015-10-18 01:44 - 2015-07-10 06:01 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe

2015-10-18 01:44 - 2015-07-10 06:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll

2015-10-18 01:44 - 2015-07-10 06:01 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll

2015-10-18 01:44 - 2015-07-10 06:00 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll

2015-10-18 01:44 - 2015-07-10 06:00 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll

2015-10-18 01:44 - 2015-07-10 06:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll

2015-10-18 01:44 - 2015-07-10 06:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe

2015-10-18 01:44 - 2015-07-10 06:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll

2015-10-18 01:44 - 2015-07-10 06:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll

2015-10-17 23:34 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache

2015-10-17 23:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration

2015-10-17 23:29 - 2013-05-25 15:27 - 00003828 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-10-17 23:29 - 2012-12-18 03:06 - 00003704 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2876596647-219202347-903480905-1003

2015-10-17 23:28 - 2015-08-27 20:44 - 00003788 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-10-17 23:28 - 2013-02-12 18:54 - 00004024 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-10-17 23:28 - 2012-10-30 00:24 - 00003270 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8

2015-10-17 23:28 - 2012-10-30 00:20 - 00003258 _____ C:\WINDOWS\System32\Tasks\MirageAgent

2015-10-17 23:28 - 2012-10-30 00:00 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements

2015-10-17 23:25 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries

2015-10-17 23:17 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-10-17 23:17 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2015-10-17 23:17 - 2013-01-30 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-10-17 23:17 - 2013-01-14 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2015-10-17 23:17 - 2012-10-30 00:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat

2015-10-17 23:17 - 2012-10-30 00:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint

2015-10-17 23:17 - 2012-10-30 00:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

2015-10-17 23:17 - 2012-10-29 23:57 - 00000000 ____D C:\Program Files (x86)\ATI Technologies

2015-10-17 23:17 - 2012-08-16 23:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-10-17 23:17 - 2012-08-16 23:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2015-10-17 23:17 - 2012-08-16 23:05 - 00000000 ____D C:\WINDOWS\en

2015-10-17 23:17 - 2012-08-16 23:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

2015-10-17 23:15 - 2015-07-10 06:05 - 00003513 _____ C:\WINDOWS\DtcInstall.log

2015-10-17 23:15 - 2012-07-26 00:37 - 00000000 ____D C:\Users\Default.migrated

2015-10-17 23:11 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz

2015-10-17 23:11 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME

2015-10-17 23:11 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\spool

2015-10-17 23:11 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe

2015-10-17 23:11 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\IME

2015-10-17 23:11 - 2012-10-30 00:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sda

2015-10-17 23:10 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2015-10-17 23:09 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2015-10-17 23:09 - 2012-12-18 03:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services

2015-10-17 23:09 - 2012-10-29 23:59 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2015-10-17 23:09 - 2012-10-29 23:58 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2015-10-17 23:09 - 2012-08-16 22:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

2015-10-17 23:09 - 2012-08-16 22:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

2015-10-17 23:09 - 2012-08-03 17:29 - 00000000 ____D C:\ProgramData\PRICache

2015-10-17 23:08 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\Recovery

2015-10-17 23:03 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2015-10-17 22:57 - 2015-07-10 04:05 - 00000000 __RHD C:\Users\Default

2015-10-17 22:22 - 2012-12-18 02:55 - 02045808 _____ C:\WINDOWS\WindowsUpdate (1).log

2015-10-17 21:48 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent

2015-10-17 19:21 - 2012-12-18 11:44 - 00000000 ____D C:\Program Files (x86)\Google

2015-10-15 21:20 - 2012-08-16 23:15 - 00000000 ____D C:\Program Files (x86)\HP Games

2015-10-15 21:20 - 2012-08-16 23:13 - 00000000 ____D C:\ProgramData\WildTangent

2015-10-15 19:36 - 2012-08-16 23:08 - 00000000 ___RD C:\Program Files (x86)\Online Services

2015-10-10 15:38 - 2012-10-30 00:14 - 00000000 ___RD C:\Program Files\Online Services

2015-10-10 13:21 - 2012-10-30 00:04 - 00000000 ____D C:\WINDOWS\Options

2015-10-10 12:12 - 2013-05-25 15:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-10-10 10:54 - 2013-01-30 15:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-10-10 10:53 - 2013-01-30 15:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-10-09 20:04 - 2013-05-24 14:24 - 00000000 ____D C:\ProgramData\MFAData

2015-10-09 14:37 - 2015-04-18 11:21 - 18819272 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-10-17 22:57

 

==================== End of FRST.txt ============================

 

 

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01

Ran by killme (2015-10-23 06:36:04)

Running from C:\Users\killme\Desktop

Windows 10 Home (X64) (2015-10-18 15:03:32)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2876596647-219202347-903480905-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2876596647-219202347-903480905-503 - Limited - Disabled)

Guest (S-1-5-21-2876596647-219202347-903480905-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2876596647-219202347-903480905-1005 - Limited - Enabled)

killme (S-1-5-21-2876596647-219202347-903480905-1006 - Administrator - Enabled) => C:\Users\killme

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)

CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)

CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)

Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)

HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)

HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)

HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)

HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)

HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)

HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)

Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

18-10-2015 10:00:28 Windows Modules Installer

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-26 00:26 - 2015-10-10 12:24 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1409E791-0339-483A-AD2C-271A78B155D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {31D6DB00-CFF7-4D12-A039-7880B7F75B71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {3CA583BE-C704-4BFC-9C91-B7E5E5A35251} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {3DAD030E-DF30-4397-B8D0-58D57EF25748} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)

Task: {5E8E65DB-3C7F-489C-8F70-E2994F0B44BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

Task: {7EF22D8D-991A-43F7-886D-FB9F50B17A34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Assistant Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

Task: {7F53B64C-913A-417E-9D95-6158522E58E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)

Task: {85F56EF7-9C52-4495-8003-D0FB82ED3081} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-09] (Adobe Systems Incorporated)

Task: {88A0252A-6C5A-4F01-8C81-DBD4E38AF75F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

Task: {8C097CC6-9B81-4C86-9A6B-AA2ABD8742FB} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)

Task: {DFFA9172-C291-4E64-A7F6-E38BA64FDA37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2012-08-10] (Hewlett-Packard Company)

Task: {F302D047-3C60-430E-9AC4-5ACE940A5B1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

Task: {FA1BCD82-4A3F-4623-915E-9AFFE0A2A8C8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE [2015-07-25] (Microsoft Corporation)

Task: {FBFF6B4B-B867-4C4A-A0CD-8996DCC57BB7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

Task: {FF6C1A4A-0A2F-4C72-93F6-8B8B0D8B3AB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)

Task: {FFB54E2C-B4CD-4908-A993-DC789A2780C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-07-10 06:00 - 2015-07-10 06:00 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll

2012-08-08 12:36 - 2012-08-08 12:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2015-07-10 05:59 - 2015-07-10 05:59 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll

2015-07-10 06:00 - 2015-07-10 06:00 - 02498296 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-07-10 06:00 - 2015-07-10 06:00 - 02498296 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-07-10 06:00 - 2015-07-10 08:14 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-07-10 06:00 - 2015-07-10 08:14 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2012-10-30 00:23 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2876596647-219202347-903480905-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: lfsvc => 3

HKLM\...\StartupApproved\Run32: => "ApnUpdater"

HKLM\...\StartupApproved\Run32: => "AVG_UI"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{F766549E-6C3C-4D1B-B80C-FAD3159D7C08}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{A29B28DB-A6B4-468B-8FC0-B83412CAAA1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

FirewallRules: [{A65CB845-80C8-4133-8C45-3DAD77FA7060}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

FirewallRules: [{BF2320B4-DA75-4269-B29F-D9C4A50CB1A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe

FirewallRules: [{E0B54667-4A85-4914-8198-3FA1CECF6E81}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe

FirewallRules: [{0C70A0C4-E4FE-46A8-9B98-C033EF30DBBB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

FirewallRules: [{09E90719-005D-4CCC-B857-92725145ABF7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

FirewallRules: [{10ABD816-A811-408B-946E-1ECF12A6AA9E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

FirewallRules: [{F6BC9C88-E965-468E-B367-623A2C882DDA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

FirewallRules: [uDP Query User{8B7770A2-A489-4877-BEB1-F4FD6CCE3389}C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{60414B73-D3A4-48C7-A1BB-D5260F48940F}C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{7CDED584-C7B4-436A-9940-38CAFA94B5E3}C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{0EEB9AB6-0689-4809-A008-136213A8B5E1}C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jeffrey johnson\appdata\roaming\spotify\spotify.exe

FirewallRules: [{C4CF97F6-7537-483E-9DB2-42B9054C3934}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{8FD10B23-57AB-4AFF-B324-1F36777E6C1C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{481FEEE4-54A8-43DE-BE8D-64AB43D38C02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{DFB8A7CB-F2E4-4709-9E9C-6250472952AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{7652607A-0969-4755-9C42-E615834C720F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E7FE6929-3A3F-4F39-B2A4-7FC59EC9BDB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{207D0475-6BF3-40EA-9862-8E32654D230F}] => (Allow) LPort=1900

FirewallRules: [{AC0D6EE0-6FC2-46CF-BEAF-A191E1A2E3F0}] => (Allow) LPort=2869

FirewallRules: [{E30FE1C6-4F1B-4F7A-A4D4-089F96A80D3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/23/2015 06:30:14 AM) (Source: ATIeRecord) (EventID: 16396) (User: )

Description: ATI EEU PnP start/stop failed

 

Error: (10/22/2015 07:48:02 PM) (Source: ATIeRecord) (EventID: 16396) (User: )

Description: ATI EEU PnP start/stop failed

 

Error: (10/22/2015 07:07:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )

Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

 

Details:

Could not query the status of the EventSystem service.

 

System Error:

A system shutdown is in progress.

.

 

Error: (10/22/2015 07:04:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HELEN-LAPTOP)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (10/22/2015 07:04:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16384, time stamp: 0x559f3d35

Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x559f391e

Exception code: 0x80000003

Fault offset: 0x000000000015a6d7

Faulting process id: 0x59c

Faulting application start time: 0xSearchUI.exe0

Faulting application path: SearchUI.exe1

Faulting module path: SearchUI.exe2

Report Id: SearchUI.exe3

Faulting package full name: SearchUI.exe4

Faulting package-relative application ID: SearchUI.exe5

 

Error: (10/22/2015 07:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16384, time stamp: 0x559f3d35

Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x559f391e

Exception code: 0x80000003

Fault offset: 0x000000000015a6d7

Faulting process id: 0x994

Faulting application start time: 0xSearchUI.exe0

Faulting application path: SearchUI.exe1

Faulting module path: SearchUI.exe2

Report Id: SearchUI.exe3

Faulting package full name: SearchUI.exe4

Faulting package-relative application ID: SearchUI.exe5

 

Error: (10/22/2015 07:04:00 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16384, time stamp: 0x559f3d35

Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x559f391e

Exception code: 0x80000003

Fault offset: 0x000000000015a6d7

Faulting process id: 0x3d0

Faulting application start time: 0xSearchUI.exe0

Faulting application path: SearchUI.exe1

Faulting module path: SearchUI.exe2

Report Id: SearchUI.exe3

Faulting package full name: SearchUI.exe4

Faulting package-relative application ID: SearchUI.exe5

 

Error: (10/22/2015 07:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16384, time stamp: 0x559f3d35

Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x559f391e

Exception code: 0x80000003

Fault offset: 0x000000000015a6d7

Faulting process id: 0x9ac

Faulting application start time: 0xSearchUI.exe0

Faulting application path: SearchUI.exe1

Faulting module path: SearchUI.exe2

Report Id: SearchUI.exe3

Faulting package full name: SearchUI.exe4

Faulting package-relative application ID: SearchUI.exe5

 

Error: (10/22/2015 07:03:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16384, time stamp: 0x559f3d35

Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x559f391e

Exception code: 0x80000003

Fault offset: 0x000000000015a6d7

Faulting process id: 0x8b0

Faulting application start time: 0xSearchUI.exe0

Faulting application path: SearchUI.exe1

Faulting module path: SearchUI.exe2

Report Id: SearchUI.exe3

Faulting package full name: SearchUI.exe4

Faulting package-relative application ID: SearchUI.exe5

 

Error: (10/22/2015 07:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16384, time stamp: 0x559f3d35

Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x559f391e

Exception code: 0x80000003

Fault offset: 0x000000000015a6d7

Faulting process id: 0xac8

Faulting application start time: 0xSearchUI.exe0

Faulting application path: SearchUI.exe1

Faulting module path: SearchUI.exe2

Report Id: SearchUI.exe3

Faulting package full name: SearchUI.exe4

Faulting package-relative application ID: SearchUI.exe5

 

 

System errors:

=============

Error: (10/23/2015 06:32:02 AM) (Source: DCOM) (EventID: 10016) (User: HELEN-LAPTOP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}HELEN-LAPTOPkillmeS-1-5-21-2876596647-219202347-903480905-1006LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (10/23/2015 06:32:02 AM) (Source: DCOM) (EventID: 10016) (User: HELEN-LAPTOP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}HELEN-LAPTOPkillmeS-1-5-21-2876596647-219202347-903480905-1006LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (10/23/2015 06:30:09 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 6:19:19 AM on ‎10/‎23/‎2015 was unexpected.

 

Error: (10/22/2015 07:31:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (10/22/2015 07:31:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (10/22/2015 07:31:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (10/22/2015 07:31:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (10/22/2015 07:31:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (10/22/2015 07:31:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (10/22/2015 07:31:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

 

CodeIntegrity:

===================================

  Date: 2015-10-23 06:33:21.780

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-23 05:53:23.695

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 20:16:13.373

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 20:15:36.448

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 20:15:23.134

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 20:15:11.252

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 20:14:04.863

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 19:49:05.401

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 19:49:04.450

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-22 19:21:28.312

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD A8-4500M APU with Radeon HD Graphics 

Percentage of memory in use: 60%

Total physical RAM: 3554.26 MB

Available physical RAM: 1412.28 MB

Total Virtual: 4898.26 MB

Available Virtual: 1104.21 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:439.22 GB) (Free:308.48 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (RECOVERY) (Fixed) (Total:25.31 GB) (Free:3.3 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (J_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.8 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 1EFAD293)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

 

 

 

Thanks for the quick replies!

Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept