Jump to content
Join us in bringing the fight to COVID-19 ×
☆!Click here for PC Matic product support!☆ ×

MPB

Members
 View Profile  See their activity

  • Content Count

    26

  • Joined

  • Last visited

Everything posted by MPB

  1. MPB
    Thanks Juliet and team! I will take this to the new forum.
  2. MPB
    No I haven't uninstalled the printer. Can you tell me about the Licensing Diagnostic?
  3. MPB
    Can't print. Window updates don't fully load. Requests to activate Windows. Occasional System32 errors for .exe
  4. MPB
    It did not appear that I needed to do this based on the results. Should I?
  5. MPB
    Hi Juliet, here are the results. Also, please tell me how to interpret the licensing diagnostic. https://www.dropbox.com/s/mqjva5x2kciev36/cbs.txt?dl=0
  6. MPB
    After backing up, I initiated a System Refresh and it failed. message: There was a probelm refreshing your PC No changes were made Check for solutions to this problem When I tried to check for a solution, nothing happened. I believe there is also an issue with Windows activation however I no longer have the product key.
  7. MPB
    Ok, thanks. Do I need to back-up my files? Does this wipe out applications?
  8. MPB
    Thanks Juliet!
  9. MPB
    From the Tweaking.com - Windows Repair Pre-scan... Als, would you like to see the logfile(s) from the Windows Repair scan? ┌────────────────────────────────────────────────────────────────────────────────┐ │ Tweaking.com - Windows Repair v3.6.4 - Pre-Scan │ Computer: DAVID (Windows 8.1 6.3.9600 ) (64-bit) │ [started Scan - 11/18/2015 7:54:19 AM] └────────────────────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────────────────────┐ │ Scanning Windows Packages Files. │ Started at (11/18/2015 7:54:19 AM) │ │ These Files Are Possibly Corrupt (Bad Digital Signature): (Total: 286) C:\WINDOWS\servicing\Packages\Package_1_for_KB3105216~31bf3856ad364e35~amd64~~6.3.1.0.cat C:\WINDOWS\servicing\Packages\Package_for_KB3105216_RTM~31bf3856ad364e35~amd64~~6.3.1.0.cat C:\WINDOWS\servicing\Packages\Package_for_KB3105216~31bf3856ad364e35~amd64~~6.3.1.0.cat C:\WINDOWS\servicing\Packages\Microsoft-Windows-ApisetNamespace-Com-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.mum C:\WINDOWS\servicing\Packages\Microsoft-Windows-ApisetNamespace-Mincore-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.mum C:\WINDOWS\servicing\Packages\Microsoft-Windows-ApisetNamespace-Shell-Package~31bf3856ad364e35~amd64~en-US~6.3.9600.16384.mum C:\WINDOWS\servicing\Packages\Microsoft-Windows-Common-Drivers-Package-ds~31bf3856ad364e35~amd64~~6.3.9600.16384.mum C:\WINDOWS\servicing\Packages\Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.mum C:\WINDOWS\servicing\Packages\Microsoft-Windows-ServicingStack-Full-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.mum C:\WINDOWS\servicing\Packages\Package_1091_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_109_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_111_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1129_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_114_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_116_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_117_for_KB3049563~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_117_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_117_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_118_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_1196_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1199_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_119_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_1202_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_120_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_121_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_1238_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1239_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_130_for_KB3044374~31bf3856ad364e35~amd64~~6.3.1.6.mum C:\WINDOWS\servicing\Packages\Package_130_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1363_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_137_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_1406_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_141_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_1424_for_KB2994290~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_1534_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_154_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_1611_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1613_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_16_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_16_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1723_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_17_for_KB3074545~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_180_for_KB2883200~31bf3856ad364e35~amd64~~6.3.1.18.mum C:\WINDOWS\servicing\Packages\Package_1816_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1818_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1819_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1823_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1836_for_KB2932046~31bf3856ad364e35~amd64~~6.3.1.5.mum C:\WINDOWS\servicing\Packages\Package_1894_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1944_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB2975061~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3013531~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3023266~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3069114~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3072307~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3083992~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3084135~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3087040~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3087916~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_1_for_KB3105216~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_2025_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_20_for_KB2894852~31bf3856ad364e35~amd64~~6.3.2.0.mum C:\WINDOWS\servicing\Packages\Package_218_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_2192_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_22_for_KB2975061~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_22_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_22_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_23_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_2548_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2559_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2641_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2642_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2644_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2652_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2666_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2687_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2690_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2718_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2720_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2741_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_27_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_284_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2884_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_28_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_28_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_28_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_293_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_294_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_296_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_297_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_29_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_29_for_KB3060716~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_29_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB2966826~31bf3856ad364e35~amd64~~6.3.1.7.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB2975061~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3048778~31bf3856ad364e35~amd64~~6.3.2.0.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3069114~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3082089~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3083992~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3084135~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3087039~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_2_for_KB3087916~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_3072_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3073_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3078_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3081_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3089_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3090_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_30_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3151_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3154_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_31_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_31_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3256_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_3257_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_327_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_328_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_32_for_KB3060716~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_32_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_33_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_34_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_35_for_KB3060716~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_35_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3_for_KB2904440~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_3_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_3_for_KB3030947~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_3_for_KB3061518~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_3_for_KB3069114~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_3_for_KB3082089~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_40_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_410_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_411_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_412_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_414_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_41_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_41_for_KB3014442~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_41_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_42_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_42_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_43_for_KB3049563~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_43_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_44_for_KB2938439~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_44_for_KB3049563~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_44_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_44_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_45_for_KB3049563~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_45_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_45_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_46_for_KB3049563~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_46_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_476_for_KB2932046~31bf3856ad364e35~amd64~~6.3.1.5.mum C:\WINDOWS\servicing\Packages\Package_47_for_KB2977629~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_47_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_48_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_49_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_4_for_KB3082089~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_507_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_50_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_51_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_52_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_53_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_55_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_55_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_5645_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_5649_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_56_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_57_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_58_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_590_for_KB2932046~31bf3856ad364e35~amd64~~6.3.1.5.mum C:\WINDOWS\servicing\Packages\Package_59_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_59_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_5_for_KB3082089~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_6004_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_6005_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_6008_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_6014_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_6044_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.mum C:\WINDOWS\servicing\Packages\Package_60_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_62_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_63_for_KB2966826~31bf3856ad364e35~amd64~~6.3.1.7.mum C:\WINDOWS\servicing\Packages\Package_63_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_64_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_65_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_66_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_67_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_67_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_68_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_69_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_6_for_KB3082089~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_706_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_708_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_70_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_710_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_71_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_71_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_72_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_72_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_73_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_74_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_75_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_75_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_76_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_77_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_788_for_KB2883200~31bf3856ad364e35~amd64~~6.3.1.18.mum C:\WINDOWS\servicing\Packages\Package_79_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_7_for_KB3012199~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_83_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_83_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_84_for_KB3075853~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_85_for_KB3067505~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_867_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_872_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_8_for_KB2966826~31bf3856ad364e35~amd64~~6.3.1.7.mum C:\WINDOWS\servicing\Packages\Package_8_for_KB3044374~31bf3856ad364e35~amd64~~6.3.1.6.mum C:\WINDOWS\servicing\Packages\Package_8_for_KB3078601~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_930_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_932_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_948_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_970_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_987_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.mum C:\WINDOWS\servicing\Packages\Package_98_for_KB3087038~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_99_for_KB3077715~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_9_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_for_KB2894179~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB2904440~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB2934018~31bf3856ad364e35~amd64~~6.3.1.5.mum C:\WINDOWS\servicing\Packages\Package_for_KB2959626~31bf3856ad364e35~amd64~~6.3.2.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB2961072~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB2962806~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB2975061~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB2989930~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_for_KB2990967~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB2998174~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3003057~31bf3856ad364e35~amd64~~6.3.1.6.mum C:\WINDOWS\servicing\Packages\Package_for_KB3004394~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3012702~31bf3856ad364e35~amd64~~6.3.1.7.mum C:\WINDOWS\servicing\Packages\Package_for_KB3013531_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3013531_RTM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3016074~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3019215~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3019978~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_for_KB3020338~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3021910~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_for_KB3022777~31bf3856ad364e35~amd64~~6.3.1.9.mum C:\WINDOWS\servicing\Packages\Package_for_KB3023266~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3027209~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3029432~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3029603_RTM~31bf3856ad364e35~amd64~~6.3.2.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3038936~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_for_KB3055642_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3055642_RTM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3055642~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3061518~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3062760~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3069114_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_for_KB3069114_RTM~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_for_KB3069114~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_for_KB3072307_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.2.mum C:\WINDOWS\servicing\Packages\Package_for_KB3076949~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3082089_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3082089_RTM~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3082089~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3083992_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3083992_RTM~31bf3856ad364e35~amd64~~6.3.1.1.mum C:\WINDOWS\servicing\Packages\Package_for_KB3084135_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3084135_RTM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3084135~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3087039_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_for_KB3087039_RTM~31bf3856ad364e35~amd64~~6.3.1.4.mum C:\WINDOWS\servicing\Packages\Package_for_KB3087040_RTM~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_for_KB3087040~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_for_KB3087916_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3087916~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3089023~31bf3856ad364e35~amd64~~6.3.1.3.mum C:\WINDOWS\servicing\Packages\Package_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3099406_RTM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3099406~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3105216_RTM~31bf3856ad364e35~amd64~~6.3.1.0.mum C:\WINDOWS\servicing\Packages\Package_for_KB3105216~31bf3856ad364e35~amd64~~6.3.1.0.mum │ 286 Combined Problems were found with the packages files, these files need to be replaced (These mainly only effect installing Windows Updates.) │ The SFC (System File Checker) doesn't scan and replace some of these files, so you may need to replace them manually. │ │ THESE FILES DO NOT KEEP THE REPAIRS FROM WORKING; YOU MAY STILL RUN THE REPAIRS IN THE PROGRAM. │ │ If you need help in replacing these files, post on the Forums at Tweaking.com for help. │ │ Files Checked & Verified: 10,307 │ │ Done Scanning Windows Packages Files.(11/18/2015 7:56:05 AM) └────────────────────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────────────────────┐ │ Scanning Reparse Points. │ Started at (11/18/2015 7:56:05 AM) │ │ Missing Default Reparse Point: (Original Path: C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\IE) │ A Default Reparse Point is missing and this can cause problems on the system. │ │ Problems were found with the Reparse Points. │ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems. │ │ Files & Folders Searched: 331,095 │ Reparse Points Found: 70 │ │ Done Scanning Reparse Points.(11/18/2015 7:59:22 AM) └────────────────────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────────────────────┐ │ Checking Environment Variables. │ Started at (11/18/2015 7:59:22 AM) │ │ No problems were found with the Environment Variables. │ │ Done Checking Environment Variables. (11/18/2015 7:59:22 AM) └────────────────────────────────────────────────────────────────────────────────┘ ┌────────────────────────────────────────────────────────────────────────────────┐ │ [Finished Scan - 11/18/2015 7:59:22 AM] │ │ [x] Scan Complete - Problems Found! │ [x] │ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed. │ [x] │ [x] While problems have been found, you can still run the repairs in the program. │ [x] But for the best results it is recommended to fix the problems reported in this scan if possible. │ [x] If you need help fixing any of the items in the log, just post in the forums at Tweaking.com for help. └────────────────────────────────────────────────────────────────────────────────┘ Addition.txt FRST.txt Tweaking.com - Windows Repair - Pre-Scan.txt
  10. MPB
    Reattached FRST results Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015 Ran by David (administrator) on DAVID (18-11-2015 07:29:35) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David & michael) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] () HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-16] (AVAST Software) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MusicManager] => C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Amazon Cloud Player] => C:\Users\David\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-11] (Spotify Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2075 2014-04-21] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: E - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {62ca4f68-a049-11e2-be73-20898462377a} - "E:\MotoCastSetup.exe" -a HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {77dff56d-862b-11e3-be8e-b8763f43915e} - "E:\LaunchU3.exe" -a HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2014-10-03] (Softros Systems, inc.) HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2014-10-03] (Softros Systems, inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-16] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-29] ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{D6FC2674-A71D-470B-8A1A-E22E2BB35085}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DF8C11EA-9480-4BDC-950E-C0C7926C7045}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511 SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-16] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-16] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-16] Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Entanglement Web App) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-09-20] CHR Extension: (Google Cast) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-15] CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12] CHR Extension: (Google Play Music) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-15] CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-16] CHR Extension: (Pin It Button) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-16] CHR Extension: (Google Play) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-13] CHR Extension: (The Simplex Algorithm Calculator) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\laliphfdajliicjkmlpoefhkpbgoejdg [2014-09-20] CHR Extension: (Numerics Calculator & Converter) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-09-20] CHR Extension: (Google Hangouts) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-15] CHR Extension: (Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-09-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-15] CHR Extension: (Amazon Assistant for Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-11-16] CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-15] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-15] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-15] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10] CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-07] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-15] CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-15] CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-15] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-07] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-16] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-16] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-16] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-16] (Avast Software) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated) R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2015-01-14] (Dassault Systèmes) [File not signed] S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated) R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies) R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2233168 2014-10-03] (Softros Systems, Inc.) R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-03-08] (Dritek System INC.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-16] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-16] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-16] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-16] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-16] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-16] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-16] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-16] (AVAST Software) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-16] (AVAST Software) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-08] (Dritek System Inc.) S3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [0 2014-10-28] () <==== ATTENTION (zero byte File/Folder) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-16] (Avast Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X] S3 MREMP50a64; \??\C:\Program Files\Common Files\Motive\MREMP50a64.sys [X] S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] S3 MRESP50a64; \??\C:\Program Files\Common Files\Motive\MRESP50a64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-18 07:29 - 2015-11-18 07:29 - 00030708 _____ C:\Users\David\Desktop\FRST.txt 2015-11-18 07:21 - 2015-11-18 07:21 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-11-18 06:01 - 2015-11-18 06:20 - 00000000 ____D C:\Users\David\Documents\Woodworking 2015-11-18 05:49 - 2015-11-18 05:49 - 00000913 _____ C:\Users\David\Desktop\Documents - Shortcut.lnk 2015-11-18 05:05 - 2015-11-18 05:05 - 00015036 _____ C:\Users\David\Documents\cc_20151118_050535.reg 2015-11-17 21:18 - 2015-11-17 21:41 - 00000018 _____ C:\repair_starting.dat 2015-11-17 21:13 - 2015-11-17 19:55 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2015-11-16 19:20 - 2015-11-16 19:20 - 00000000 ____D C:\Users\David\AppData\Local\CrashRpt 2015-11-16 19:00 - 2015-11-16 19:00 - 00022178 _____ C:\Users\David\Documents\cc_20151116_190046.reg 2015-11-16 05:52 - 2015-11-16 05:52 - 00043104 _____ C:\Users\David\Documents\cc_20151116_055246.reg 2015-11-16 05:43 - 2015-11-16 05:43 - 00003026 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1447444372 2015-11-16 05:43 - 2015-11-16 05:43 - 00001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2015-11-16 05:41 - 2015-11-16 05:41 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-11-16 05:41 - 2015-11-16 05:41 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-11-16 05:41 - 2015-11-16 05:41 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-11-16 05:19 - 2015-11-16 19:01 - 02008576 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe 2015-11-16 05:15 - 2015-11-16 05:15 - 00000000 ____D C:\Users\David\AppData\Local\GWX 2015-11-15 20:21 - 2015-11-17 21:38 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-11-15 19:53 - 2015-11-15 19:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DAVID-Windows-8.1-(64-bit).dat 2015-11-15 18:20 - 2015-11-17 19:28 - 00003648 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon 2015-11-15 18:20 - 2015-11-15 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2015-11-15 14:52 - 2015-11-15 14:52 - 00000345 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Update.lnk 2015-11-15 14:36 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2015-11-15 14:36 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2015-11-15 14:35 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-11-15 14:35 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-11-15 14:34 - 2015-05-11 13:17 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-11-15 14:34 - 2015-04-02 19:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-11-15 14:34 - 2015-04-02 19:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-11-15 14:34 - 2014-11-04 14:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys 2015-11-15 14:34 - 2014-11-04 14:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys 2015-11-15 14:34 - 2014-11-04 01:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys 2015-11-15 14:34 - 2014-11-04 01:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys 2015-11-15 14:34 - 2014-11-04 01:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys 2015-11-15 14:34 - 2014-11-04 01:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys 2015-11-15 14:32 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-11-15 14:32 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-11-15 14:32 - 2015-02-17 18:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-11-15 14:31 - 2015-09-18 22:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-15 14:31 - 2015-09-18 08:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-11-15 14:31 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2015-11-15 14:31 - 2015-03-12 23:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-11-15 14:31 - 2015-03-12 23:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-11-15 14:30 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-11-15 14:29 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-15 14:29 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-15 14:27 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-11-14 12:16 - 2015-11-15 07:48 - 00000000 ____D C:\AdwCleaner 2015-11-14 11:26 - 2015-11-14 11:27 - 00000333 _____ C:\WINDOWS\SysWOW64\debug.log 2015-11-14 07:09 - 2015-11-14 07:09 - 00000000 ____D C:\RegBackup 2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 2015-11-13 21:27 - 2015-11-18 07:29 - 00000000 ____D C:\FRST 2015-11-13 11:49 - 2015-11-13 11:49 - 00000000 ____D C:\Users\David\AppData\Roaming\supportdotcom 2015-11-13 06:02 - 2015-11-13 06:02 - 00001320 _____ C:\Users\David\Documents\cc_20151113_060232.reg 2015-11-08 10:43 - 2015-11-15 14:40 - 00000000 ____D C:\ProgramData\Auslogics 2015-11-08 10:42 - 2015-11-15 16:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Auslogics 2015-11-08 10:42 - 2015-11-15 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2015-11-08 10:42 - 2015-11-15 14:29 - 00000000 ____D C:\Program Files (x86)\Auslogics 2015-10-31 17:27 - 2015-10-31 17:28 - 00000000 ____D C:\Users\David\Documents\BEopt_2.5.0 2015-10-31 17:27 - 2015-10-31 17:27 - 00000000 ____D C:\Users\David\AppData\Roaming\BEopt_2.5.0 2015-10-31 17:26 - 2015-10-31 17:26 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BEopt 2.5.lnk 2015-10-29 06:31 - 2015-10-29 06:31 - 00008186 _____ C:\Users\David\Documents\cc_20151029_073108.reg 2015-10-29 06:28 - 2015-10-29 06:28 - 00003196 _____ C:\WINDOWS\System32\Tasks\IHSelfDeleteTASK 2015-10-29 06:28 - 2015-10-29 06:28 - 00000000 ____D C:\ProgramData\Motive ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-18 07:29 - 2015-02-15 15:22 - 00000000 ____D C:\Users\David\Desktop\Utilities 2015-11-18 07:26 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-18 07:23 - 2015-08-23 18:52 - 01622672 ____N C:\WINDOWS\WindowsUpdate.log 2015-11-18 07:22 - 2014-04-21 09:27 - 00000000 ____D C:\Temp 2015-11-18 07:22 - 2013-04-05 20:56 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-18 07:21 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-18 07:18 - 2014-12-17 06:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-18 07:05 - 2013-04-05 20:56 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-18 07:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-11-18 06:59 - 2013-04-05 20:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1808542954-3622220976-1516702403-1001 2015-11-18 06:50 - 2013-06-15 19:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-11-18 06:39 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Financial 2015-11-18 06:38 - 2014-01-02 10:05 - 00000000 ____D C:\Users\David\AppData\Local\Deployment 2015-11-18 06:22 - 2014-11-14 20:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-18 06:21 - 2014-11-14 20:18 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-18 06:20 - 2015-04-02 05:24 - 00000000 ____D C:\Users\David\Documents\Maintenance & Building 2015-11-18 06:18 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Home Design 2015-11-18 05:11 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-11-18 05:10 - 2014-03-21 21:17 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F546B436-119A-412B-8AE9-604A97ED20D8} 2015-11-18 05:04 - 2013-08-04 22:35 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps 2015-11-18 05:00 - 2014-09-01 18:36 - 00473624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-17 21:41 - 2012-07-26 00:26 - 00000337 _____ C:\WINDOWS\win.ini 2015-11-17 21:13 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras 2015-11-17 21:13 - 2013-08-22 01:58 - 00000000 _____ C:\WINDOWS\system32\rasctrnm.h 2015-11-17 19:56 - 2015-03-15 06:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WmpDui.dll 2015-11-17 19:55 - 2015-03-15 06:02 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmiv2.dll 2015-11-16 19:10 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox 2015-11-16 19:10 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\system32\vbox 2015-11-16 19:09 - 2013-04-06 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-11-16 19:06 - 2013-08-06 19:37 - 00000000 ____D C:\Users\David\AppData\LocalLow\Temp 2015-11-16 19:04 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-16 19:01 - 2014-11-08 06:14 - 00000000 ____D C:\Users\David\AppData\Roaming\BEopt_2.3.0 2015-11-16 07:13 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Emergency Planning 2015-11-16 05:41 - 2015-10-01 05:34 - 00147088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys 2015-11-16 05:41 - 2015-01-14 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-11-16 05:41 - 2014-04-23 19:43 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-11-16 05:41 - 2014-01-06 20:58 - 00154256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-11-16 05:41 - 2013-12-08 18:56 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-11-16 05:36 - 2014-08-23 05:34 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-11-16 05:36 - 2014-08-23 05:34 - 00000000 ____D C:\Program Files\Java 2015-11-16 05:36 - 2014-08-02 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ___SD C:\WINDOWS\system32\dsc 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Com 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\th-TH 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sppui 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\setup 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Recovery 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ras 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\icsxml 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ias 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\he-IL 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\et-EE 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-GB 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Com 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system\Speech 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\downlevel 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-11-15 16:54 - 2013-03-08 08:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2015-11-15 16:54 - 2013-03-08 08:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-11-15 16:54 - 2012-11-29 06:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec 2015-11-15 16:54 - 2012-11-29 06:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-15 16:53 - 2013-12-02 20:00 - 00000000 ___RD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-09-29 22:51 - 00000000 ____D C:\WINDOWS\ShellNew 2015-11-15 16:53 - 2013-09-29 22:51 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\Media 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\L2Schemas 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\IME 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\FileManager 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Cursors 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Camera 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\addins 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Portable Devices 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\Services 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-11-15 16:53 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing 2015-11-15 16:53 - 2013-04-08 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee 2015-11-15 16:53 - 2012-11-29 06:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.5 2015-11-15 16:53 - 2012-11-29 06:26 - 00000000 ____D C:\Program Files\EgisTec IPS 2015-11-15 16:53 - 2012-11-29 06:26 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker 2015-11-15 16:53 - 2012-11-29 06:26 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS 2015-11-15 16:46 - 2014-01-02 09:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-11-15 16:46 - 2013-12-02 19:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\system32\winrm 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\system32\slmgr 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\restore 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Licenses 2015-11-15 16:46 - 2013-08-22 09:45 - 00000000 ____D C:\WINDOWS\Setup 2
  11. MPB
    Ok. Tried various conditions to print and no luck. Reran ESET which found the same two trojan threats, quarantined. Reran MBAR, no malware. Reran Tweaking.com - Windows Repair - System File Check found issues but could not finish - Windows Repair found issues and could not finish Based on this, what can we do to repair Windows first? Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015 Ran by David (administrator) on DAVID (18-11-2015 07:29:35) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David & michael) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] () HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-16] (AVAST Software) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MusicManager] => C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Amazon Cloud Player] => C:\Users\David\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-11] (Spotify Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2075 2014-04-21] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: E - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {62ca4f68-a049-11e2-be73-20898462377a} - "E:\MotoCastSetup.exe" -a HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {77dff56d-862b-11e3-be8e-b8763f43915e} - "E:\LaunchU3.exe" -a HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2014-10-03] (Softros Systems, inc.) HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2014-10-03] (Softros Systems, inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-16] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-29] ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{D6FC2674-A71D-470B-8A1A-E22E2BB35085}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DF8C11EA-9480-4BDC-950E-C0C7926C7045}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511 SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-16] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-16] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-16] Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Entanglement Web App) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-09-20] CHR Extension: (Google Cast) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-15] CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12] CHR Extension: (Google Play Music) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-15] CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-16] CHR Extension: (Pin It Button) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-16] CHR Extension: (Google Play) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-13] CHR Extension: (The Simplex Algorithm Calculator) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\laliphfdajliicjkmlpoefhkpbgoejdg [2014-09-20] CHR Extension: (Numerics Calculator & Converter) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-09-20] CHR Extension: (Google Hangouts) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-15] CHR Extension: (Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-09-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-15] CHR Extension: (Amazon Assistant for Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-11-16] CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-15] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-15] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-15] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10] CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-07] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-15] CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-15] CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-15] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-07] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-16] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-16] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-16] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-16] (Avast Software) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated) R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2015-01-14] (Dassault Systèmes) [File not signed] S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated) R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies) R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2233168 2014-10-03] (Softros Systems, Inc.) R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-03-08] (Dritek System INC.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-16] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-16] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-16] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-16] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-16] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-16] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-16] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-16] (AVAST Software) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-16] (AVAST Software) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-08] (Dritek System Inc.) S3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [0 2014-10-28] () <==== ATTENTION (zero byte File/Folder) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-16] (Avast Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X] S3 MREMP50a64; \??\C:\Program Files\Common Files\Motive\MREMP50a64.sys [X] S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] S3 MRESP50a64; \??\C:\Program Files\Common Files\Motive\MRESP50a64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-18 07:29 - 2015-11-18 07:29 - 00030708 _____ C:\Users\David\Desktop\FRST.txt 2015-11-18 07:21 - 2015-11-18 07:21 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-11-18 06:01 - 2015-11-18 06:20 - 00000000 ____D C:\Users\David\Documents\Woodworking 2015-11-18 05:49 - 2015-11-18 05:49 - 00000913 _____ C:\Users\David\Desktop\Documents - Shortcut.lnk 2015-11-18 05:05 - 2015-11-18 05:05 - 00015036 _____ C:\Users\David\Documents\cc_20151118_050535.reg 2015-11-17 21:18 - 2015-11-17 21:41 - 00000018 _____ C:\repair_starting.dat 2015-11-17 21:13 - 2015-11-17 19:55 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2015-11-16 19:20 - 2015-11-16 19:20 - 00000000 ____D C:\Users\David\AppData\Local\CrashRpt 2015-11-16 19:00 - 2015-11-16 19:00 - 00022178 _____ C:\Users\David\Documents\cc_20151116_190046.reg 2015-11-16 05:52 - 2015-11-16 05:52 - 00043104 _____ C:\Users\David\Documents\cc_20151116_055246.reg 2015-11-16 05:43 - 2015-11-16 05:43 - 00003026 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1447444372 2015-11-16 05:43 - 2015-11-16 05:43 - 00001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2015-11-16 05:41 - 2015-11-16 05:41 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-11-16 05:41 - 2015-11-16 05:41 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-11-16 05:41 - 2015-11-16 05:41 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-11-16 05:19 - 2015-11-16 19:01 - 02008576 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe 2015-11-16 05:15 - 2015-11-16 05:15 - 00000000 ____D C:\Users\David\AppData\Local\GWX 2015-11-15 20:21 - 2015-11-17 21:38 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-11-15 19:53 - 2015-11-15 19:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DAVID-Windows-8.1-(64-bit).dat 2015-11-15 18:20 - 2015-11-17 19:28 - 00003648 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon 2015-11-15 18:20 - 2015-11-15 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2015-11-15 14:52 - 2015-11-15 14:52 - 00000345 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Update.lnk 2015-11-15 14:36 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2015-11-15 14:36 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2015-11-15 14:35 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-11-15 14:35 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-11-15 14:34 - 2015-05-11 13:17 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-11-15 14:34 - 2015-04-02 19:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-11-15 14:34 - 2015-04-02 19:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-11-15 14:34 - 2014-11-04 14:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys 2015-11-15 14:34 - 2014-11-04 14:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys 2015-11-15 14:34 - 2014-11-04 01:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys 2015-11-15 14:34 - 2014-11-04 01:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys 2015-11-15 14:34 - 2014-11-04 01:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys 2015-11-15 14:34 - 2014-11-04 01:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys 2015-11-15 14:32 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-11-15 14:32 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-11-15 14:32 - 2015-02-17 18:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-11-15 14:31 - 2015-09-18 22:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-15 14:31 - 2015-09-18 08:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-11-15 14:31 - 2015-09-18 08:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-11-15 14:31 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2015-11-15 14:31 - 2015-03-12 23:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-11-15 14:31 - 2015-03-12 23:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-11-15 14:30 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-11-15 14:30 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-11-15 14:29 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-15 14:29 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-15 14:27 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-11-14 12:16 - 2015-11-15 07:48 - 00000000 ____D C:\AdwCleaner 2015-11-14 11:26 - 2015-11-14 11:27 - 00000333 _____ C:\WINDOWS\SysWOW64\debug.log 2015-11-14 07:09 - 2015-11-14 07:09 - 00000000 ____D C:\RegBackup 2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 2015-11-13 21:27 - 2015-11-18 07:29 - 00000000 ____D C:\FRST 2015-11-13 11:49 - 2015-11-13 11:49 - 00000000 ____D C:\Users\David\AppData\Roaming\supportdotcom 2015-11-13 06:02 - 2015-11-13 06:02 - 00001320 _____ C:\Users\David\Documents\cc_20151113_060232.reg 2015-11-08 10:43 - 2015-11-15 14:40 - 00000000 ____D C:\ProgramData\Auslogics 2015-11-08 10:42 - 2015-11-15 16:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Auslogics 2015-11-08 10:42 - 2015-11-15 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2015-11-08 10:42 - 2015-11-15 14:29 - 00000000 ____D C:\Program Files (x86)\Auslogics 2015-10-31 17:27 - 2015-10-31 17:28 - 00000000 ____D C:\Users\David\Documents\BEopt_2.5.0 2015-10-31 17:27 - 2015-10-31 17:27 - 00000000 ____D C:\Users\David\AppData\Roaming\BEopt_2.5.0 2015-10-31 17:26 - 2015-10-31 17:26 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BEopt 2.5.lnk 2015-10-29 06:31 - 2015-10-29 06:31 - 00008186 _____ C:\Users\David\Documents\cc_20151029_073108.reg 2015-10-29 06:28 - 2015-10-29 06:28 - 00003196 _____ C:\WINDOWS\System32\Tasks\IHSelfDeleteTASK 2015-10-29 06:28 - 2015-10-29 06:28 - 00000000 ____D C:\ProgramData\Motive ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-18 07:29 - 2015-02-15 15:22 - 00000000 ____D C:\Users\David\Desktop\Utilities 2015-11-18 07:26 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-18 07:23 - 2015-08-23 18:52 - 01622672 ____N C:\WINDOWS\WindowsUpdate.log 2015-11-18 07:22 - 2014-04-21 09:27 - 00000000 ____D C:\Temp 2015-11-18 07:22 - 2013-04-05 20:56 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-18 07:21 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-18 07:18 - 2014-12-17 06:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-18 07:05 - 2013-04-05 20:56 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-18 07:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-11-18 06:59 - 2013-04-05 20:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1808542954-3622220976-1516702403-1001 2015-11-18 06:50 - 2013-06-15 19:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-11-18 06:39 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Financial 2015-11-18 06:38 - 2014-01-02 10:05 - 00000000 ____D C:\Users\David\AppData\Local\Deployment 2015-11-18 06:22 - 2014-11-14 20:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-18 06:21 - 2014-11-14 20:18 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-18 06:20 - 2015-04-02 05:24 - 00000000 ____D C:\Users\David\Documents\Maintenance & Building 2015-11-18 06:18 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Home Design 2015-11-18 05:11 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-11-18 05:10 - 2014-03-21 21:17 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F546B436-119A-412B-8AE9-604A97ED20D8} 2015-11-18 05:04 - 2013-08-04 22:35 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps 2015-11-18 05:00 - 2014-09-01 18:36 - 00473624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-17 21:41 - 2012-07-26 00:26 - 00000337 _____ C:\WINDOWS\win.ini 2015-11-17 21:13 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras 2015-11-17 21:13 - 2013-08-22 01:58 - 00000000 _____ C:\WINDOWS\system32\rasctrnm.h 2015-11-17 19:56 - 2015-03-15 06:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WmpDui.dll 2015-11-17 19:55 - 2015-03-15 06:02 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmiv2.dll 2015-11-16 19:10 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox 2015-11-16 19:10 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\system32\vbox 2015-11-16 19:09 - 2013-04-06 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-11-16 19:06 - 2013-08-06 19:37 - 00000000 ____D C:\Users\David\AppData\LocalLow\Temp 2015-11-16 19:04 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-16 19:01 - 2014-11-08 06:14 - 00000000 ____D C:\Users\David\AppData\Roaming\BEopt_2.3.0 2015-11-16 07:13 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Emergency Planning 2015-11-16 05:41 - 2015-10-01 05:34 - 00147088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys 2015-11-16 05:41 - 2015-01-14 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-11-16 05:41 - 2014-04-23 19:43 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-11-16 05:41 - 2014-01-06 20:58 - 00154256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-11-16 05:41 - 2013-12-08 18:56 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-11-16 05:41 - 2013-12-08 17:46 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-11-16 05:36 - 2014-08-23 05:34 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-11-16 05:36 - 2014-08-23 05:34 - 00000000 ____D C:\Program Files\Java 2015-11-16 05:36 - 2014-08-02 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ___SD C:\WINDOWS\system32\dsc 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Com 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\th-TH 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sppui 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\setup 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Recovery 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ras 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\icsxml 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ias 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\he-IL 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\et-EE 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-GB 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Com 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system\Speech 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-15 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\downlevel 2015-11-15 16:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-11-15 16:54 - 2013-03-08 08:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2015-11-15 16:54 - 2013-03-08 08:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-11-15 16:54 - 2012-11-29 06:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec 2015-11-15 16:54 - 2012-11-29 06:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-15 16:53 - 2013-12-02 20:00 - 00000000 ___RD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-09-29 22:51 - 00000000 ____D C:\WINDOWS\ShellNew 2015-11-15 16:53 - 2013-09-29 22:51 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\Media 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\L2Schemas 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\IME 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\FileManager 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Cursors 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Camera 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\addins 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Portable Devices 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\Services 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2015-11-15 16:53 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-11-15 16:53 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing 2015-11-15 16:53 - 2013-04-08 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee 2015-11-15 16:53 - 2012-11-29 06:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.5 2015-11-15 16:53 - 2012-11-29 06:26 - 00000000 ____D C:\Program Files\EgisTec IPS 2015-11-15 16:53 - 2012-11-29 06:26 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker 2015-11-15 16:53 - 2012-11-29 06:26 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS 2015-11-15 16:46 - 2014-01-02 09:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-11-15 16:46 - 2013-12-02 19:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\system32\winrm 2015-11-15 16:46 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\system32\slmgr 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2015-11-15 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\WIN
  12. MPB
    I have no earlier Restore Points....what now?
  13. MPB
    I tried to Activate from PC Settings but it could not. How do I see the earlier Restore Points? Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015 Ran by David (2015-11-17 06:39:58) Run:2 Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David & michael) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe C:\Users\David\Downloads\FLVPlayer-Chrome.exe EmptyTemp: Hosts: End ***************** Restore point was successfully created. Processes closed successfully. C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe => moved successfully C:\Users\David\Downloads\FLVPlayer-Chrome.exe => moved successfully C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. EmptyTemp: => 105.3 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 06:40:14 ====
  14. MPB
    Also as I logged on this morning, but not every time, I am instructed to go to PC Settings to Activate Windows. And after doing so it says it cannot be done at this time.
  15. MPB
    No Windows update during that time. ESET Scan results: C:\Users\David\Downloads\ccsetup501 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\David\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\David\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AA trojan C:\Users\David\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AA trojan
  16. MPB
    Still no printing capability. I think this may trace back to an update a week ago (Oct 8-9).
  17. MPB
    Back again. Here are the results as requested. Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015 Ran by David (2015-11-16 19:06:18) Run:1 Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David & michael) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {8E6E6660-5E98-4549-ADC1-C49F462B0BC1} URL = SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm EmptyTemp: End ***************** Restore point was successfully created. Processes closed successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully "HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E6E6660-5E98-4549-ADC1-C49F462B0BC1}" => key removed successfully HKCR\CLSID\{8E6E6660-5E98-4549-ADC1-C49F462B0BC1} => key not found. "HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => key removed successfully HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found. C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found. C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found. C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully. EmptyTemp: => 126.6 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 19:06:44 ==== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.0 (11.12.2015) Operating System: Windows 8.1 x64 Ran by David (Administrator) on Mon 11/16/2015 at 19:12:48.44 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 7 Successfully deleted: C:\Users\David\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder) Successfully deleted: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) Successfully deleted: C:\Users\David\AppData\Roaming\datamgr (Folder) Successfully deleted: C:\Users\David\AppData\Roaming\intermediate (Folder) Successfully deleted: C:\Users\David\AppData\Roaming\ssync (Folder) Successfully deleted: C:\WINDOWS\wininit.ini (File) Deleted the following from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default\prefs.js user_pref(browser.search.order.1, default-search.net); Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19 (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 11/16/2015 at 19:15:14.03 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  18. MPB
    Thanks Juliet. I'll send tonite.
  19. MPB
    No problem. I attached the files. Addition.txt FRST.txt system-log.txt
  20. MPB
    Good morning. The Malwarebytes scan finished and found no malware. See attached results including FRST. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18053 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.796000 GHz Memory total: 6248751104, free: 3371937792 Downloaded database version: v2015.11.15.04 Downloaded database version: v2015.11.14.01 Downloaded database version: v2015.11.13.01 ======================================= Initializing... Driver version: 0.3.0.4 ------------ Kernel report ------------ 11/15/2015 21:12:31 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\excsd.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\system32\DRIVERS\aswNdisFlt.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\ngvss.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\aswSnx.sys \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys \SystemRoot\system32\DRIVERS\excfs.sys \SystemRoot\system32\drivers\aswSP.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\drivers\aswKbd.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\aswRdr2.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\DRIVERS\athw8x.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\system32\DRIVERS\RtsPStor.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\aPs2Kb2Hid.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \??\C:\Windows\system32\drivers\UBHelper.sys \??\C:\Windows\system32\drivers\NTIDrvr.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\irstrtdv.sys \SystemRoot\System32\drivers\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\system32\DRIVERS\btfilter.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\BthLEEnum.sys \SystemRoot\System32\drivers\rfcomm.sys \SystemRoot\System32\drivers\BthEnum.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\bthpan.sys \SystemRoot\System32\drivers\btath_rcp.sys \SystemRoot\System32\drivers\btath_hcrp.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\aswMonFlt.sys \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\system32\drivers\aswStm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\aswHwid.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! Scan started Database versions: main: v2015.11.15.04 rootkit: v2015.11.14.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe001d3b43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001d3b43b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001d3b42060, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\ DevicePointer: 0xffffe001d3b43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001d17e6060, DeviceName: \Device\0000002f\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: FBC51D97 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2467484061 GPT Header CurrentLba = 1 BackupLba 976773167 GPT Header FirstUsableLba 34 LastUsableLba 976773134 GPT Header Guid 38b60e89-c69b-4629-8b69-8afa824ae0d8 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2467484061 Backup GPT header CurrentLba = 976773167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 976773134 Backup GPT header Guid 38b60e89-c69b-4629-8b69-8afa824ae0d8 Backup GPT header Contains 128 partition entries starting at LBA 976773135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 27ce7c05-5f8e-4218-acf3-f9c6dc13fad1 FirstLBA 2048 Last LBA 821247 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID 2c934baf-85c6-4739-923e-6359ed364c66 FirstLBA 821248 Last LBA 1435647 Attributes 0 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 51c5c6c5-30c6-4afc-9b18-87d82a7e2b79 FirstLBA 1435648 Last LBA 1697791 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 1029e176-9844-465c-9cef-3377c84efa94 FirstLBA 1697792 Last LBA 938305535 Attributes 0 Partition Name Basic data partition Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 8cbd222d-5ccd-485e-a784-457d8fccf2d FirstLBA 938305536 Last LBA 939022335 Attributes 1 Partition Name Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 2d2f00f8-d763-496f-9c52-b52ca6a4e9c6 FirstLBA 939022336 Last LBA 976773119 Attributes 1 Partition Name Basic data partition Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffe001d3b41060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001d3b41b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001d3b42890, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\ DevicePointer: 0xffffe001d3b41060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001d21df060, DeviceName: \Device\00000030\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 2EAC232B GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2385484839 GPT Header CurrentLba = 1 BackupLba 39091247 GPT Header FirstUsableLba 34 LastUsableLba 39091214 GPT Header Guid 1d5992d8-7a48-491c-b579-45b1dd646fa GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2385484839 Backup GPT header CurrentLba = 39091247 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 39091214 Backup GPT header Guid 1d5992d8-7a48-491c-b579-45b1dd646fa Backup GPT header Contains 128 partition entries starting at LBA 39091215 Backup GPT header Partition entry size = 128 Partition 0 Type b8cb5058-c187-4719-baf0-379ca2d4c97e Partition ID 4613ee39-4727-4347-8134-173f59f716f FirstLBA 7839744 Last LBA 39090175 Attributes 0 Partition Name HFS Partition 1 Type d3bfe2de-3daf-11df-ba40-e3a556d89593 Partition ID 7c573b5c-2d02-4bb1-a8ce-5865a86b2047 FirstLBA 2048 Last LBA 7837695 Attributes 0 Partition Name Basic data partition Disk Size: 20014718976 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1) File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1) File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1) File "C:\ProgramData\AVAST Software\Avast\log\GrimeFighter2.log" is compressed (flags = 1) File "C:\ProgramData\AVAST Software\Avast\log\SpamEngine.log" is compressed (flags = 1) File "C:\ProgramData\AVAST Software\Avast\log\StreamFilter.log" is compressed (flags = 1) File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1) File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1) File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1) File "C:\Windows\System32\WMALFXGFXDSP.dll" is compressed (flags = 1) File "C:\Windows\System32\streamci.dll" is compressed (flags = 1) File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1) File "C:\Windows\System32\WpdMtp.dll" is compressed (flags = 1) File "C:\Windows\System32\WpdMtpUS.dll" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18053 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.796000 GHz Memory total: 6248751104, free: 4468744192 ======================================= Here is the FRST scan Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015 Ran by David (administrator) on DAVID (16-11-2015 05:20:05) Running from C:\Users\David\Downloads Loaded Profiles: David (Available Profiles: David & michael) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Tweaking.com) C:\Users\David\Downloads\tweaking.com_windows_repair_aio\WR_Tray_Icon.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] () HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-15] (AVAST Software) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MusicManager] => C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Amazon Cloud Player] => C:\Users\David\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-11] (Spotify Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2075 2014-04-21] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: E - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {62ca4f68-a049-11e2-be73-20898462377a} - "E:\MotoCastSetup.exe" -a HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {77dff56d-862b-11e3-be8e-b8763f43915e} - "E:\LaunchU3.exe" -a HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2014-10-03] (Softros Systems, inc.) HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2014-10-03] (Softros Systems, inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-29] ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{D6FC2674-A71D-470B-8A1A-E22E2BB35085}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DF8C11EA-9480-4BDC-950E-C0C7926C7045}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511 SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {8E6E6660-5E98-4549-ADC1-C49F462B0BC1} URL = SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-01] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-01] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default FF SearchEngineOrder.1: default-search.net FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -&
  21. MPB
    WIndows Repair could not finish...it stopped on 8/35 repairs. Received a Windows error message in a green bar across the screen, "This app can't run on your PC To find a version for your PC, check with the software publisher" I did not see another version.
  22. MPB
    Hi Juliet, There are no critical updates. I cannot print from the computer but I can from my cellphone. Could not print from Word, Excel or Wordpad, even in Safe Mode.
  23. MPB
    I have restored back to 11/13/15 however I received an error that said it did not complete successfully due to an unspecified error (0x80070002). When the reboot finished it said that the Restore was successful. ??? I have been successful in manually updating about 4 of 7 updates. I have repeated this 3 times. (and Lots more to do) Still cannot print from MS programs or drawing programs.
  24. MPB
    Windows update failed...message We couldn't complete the updates Undoing changes Don't turn your computer off
  25. MPB
    I've attached the Farbar scans and should also say that this may trace back to a Windows Update. The first evidence was that I could not print from a drawing application and now have to End Task just to get out. My printer is unable to connect in Word. Every time it boots I am directed to PC Settings to Activate windows and when I try it says it cannot be done. Any help you guys could give would be greatly appreciated! Mike Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015 Ran by David (administrator) on DAVID (15-11-2015 05:46:17) Running from C:\Users\David\Desktop\Utilities Loaded Profiles: David (Available Profiles: David & michael) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] () HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-13] (AVAST Software) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MusicManager] => C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Amazon Cloud Player] => C:\Users\David\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-11] (Spotify Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2075 2014-04-21] () HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.) HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: E - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {62ca4f68-a049-11e2-be73-20898462377a} - "E:\MotoCastSetup.exe" -a HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {77dff56d-862b-11e3-be8e-b8763f43915e} - "E:\LaunchU3.exe" -a HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2014-10-03] (Softros Systems, inc.) HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2014-10-03] (Softros Systems, inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-13] (AVAST Software) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-29] ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{D6FC2674-A71D-470B-8A1A-E22E2BB35085}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DF8C11EA-9480-4BDC-950E-C0C7926C7045}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511 SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {8E6E6660-5E98-4549-ADC1-C49F462B0BC1} URL = SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-13] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-13] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-13] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-13] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-13] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-13] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-13] FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Entanglement Web App) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-09-20] CHR Extension: (Google Cast) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-10] CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12] CHR Extension: (Google Play Music) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-14] CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15] CHR Extension: (Pin It Button) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-14] CHR Extension: (Google Play) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-13] CHR Extension: (The Simplex Algorithm Calculator) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\laliphfdajliicjkmlpoefhkpbgoejdg [2014-09-20] CHR Extension: (Numerics Calculator & Converter) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-09-20] CHR Extension: (Google Hangouts) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-15] CHR Extension: (Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-09-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26] CHR Extension: (Amazon Assistant for Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-11-14] CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-07] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10] CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-07] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10] CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-10] CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-07] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-13] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-13] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-13] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-13] (Avast Software) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated) R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2015-01-14] (Dassault Systèmes) [File not signed] S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated) R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies) R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2233168 2014-10-03] (Softros Systems, Inc.) R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-03-08] (Dritek System INC.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-13] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-13] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-13] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-13] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-13] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-13] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-13] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-13] (AVAST Software) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-13] (AVAST Software) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-08] (Dritek System Inc.) S3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [0 2014-10-28] () <==== ATTENTION (zero byte File/Folder) S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2015-06-30] (support.com, Inc) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-13] (Avast Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X] S3 MREMP50a64; \??\C:\Program Files\Common Files\Motive\MREMP50a64.sys [X] S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] S3 MRESP50a64; \??\C:\Program Files\Common Files\Motive\MRESP50a64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-14 15:16 - 2015-11-14 15:16 - 00000000 ___SH C:\DkHyperbootSync 2015-11-14 14:51 - 2015-11-14 14:51 - 00000000 ____D C:\Users\David\AppData\Local\CrashRpt 2015-11-14 13:29 - 2015-11-14 13:29 - 00000000 ____D C:\Program Files (x86)\ESET 2015-11-14 13:28 - 2015-11-14 13:28 - 02870984 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_enu.exe 2015-11-14 12:43 - 2015-11-14 12:43 - 00001952 _____ C:\Users\David\Desktop\JRT.txt 2015-11-14 12:39 - 2015-11-14 12:39 - 01801288 _____ (Malwarebytes) C:\Users\David\Downloads\JRT.exe 2015-11-14 12:21 - 2015-11-14 12:21 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-11-14 12:20 - 2015-11-14 14:45 - 00000308 _____ C:\WINDOWS\setupact.log 2015-11-14 12:20 - 2015-11-14 12:20 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-11-14 12:16 - 2015-11-14 12:29 - 00000000 ____D C:\AdwCleaner 2015-11-14 12:06 - 2015-11-14 12:06 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.com 2015-11-14 11:33 - 2015-11-14 11:33 - 00380416 _____ C:\Users\David\Downloads\yp31y7so.exe 2015-11-14 11:26 - 2015-11-14 11:27 - 00000333 _____ C:\WINDOWS\SysWOW64\debug.log 2015-11-14 08:28 - 2015-11-14 08:28 - 00040626 _____ C:\Users\David\Documents\cc_20151114_082754.reg 2015-11-14 08:28 - 2015-11-14 08:28 - 00000920 _____ C:\Users\David\Documents\cc_20151114_082823.reg 2015-11-14 07:42 - 2015-11-14 07:42 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-11-14 07:09 - 2015-11-14 07:09 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DAVID-Windows-8.1-(64-bit).dat 2015-11-14 07:09 - 2015-11-14 07:09 - 00000000 ____D C:\RegBackup 2015-11-13 22:46 - 2015-11-13 22:44 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2015-11-13 22:02 - 2015-11-13 22:02 - 00003648 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon 2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 2015-11-13 21:27 - 2015-11-15 05:46 - 00000000 ____D C:\FRST 2015-11-13 21:23 - 2015-11-13 21:24 - 55560920 _____ (Microsoft Corporation) C:\Users\David\Downloads\Windows-KB890830-x64-V5.30 (1).exe 2015-11-13 21:14 - 2015-11-13 21:15 - 55560920 _____ (Microsoft Corporation) C:\Users\David\Downloads\Windows-KB890830-x64-V5.30.exe 2015-11-13 14:53 - 2015-11-13 14:53 - 00003026 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1447444372 2015-11-13 14:53 - 2015-11-13 14:53 - 00001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2015-11-13 14:49 - 2015-11-13 14:49 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-11-13 14:49 - 2015-11-13 14:49 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-11-13 14:49 - 2015-11-13 14:49 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-11-13 11:49 - 2015-11-13 11:49 - 00000000 ____D C:\Users\David\AppData\Roaming\supportdotcom 2015-11-13 07:39 - 2015-11-13 07:39 - 00772016 _____ (Reimage®) C:\Users\David\Downloads\ReimageRepair.exe 2015-11-13 06:07 - 2015-11-13 06:14 - 00000000 ____D C:\c9a3ecb2b734e065deb3 2015-11-13 06:02 - 2015-11-13 06:02 - 00001320 _____ C:\Users\David\Documents\cc_20151113_060232.reg 2015-11-13 05:57 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-13 05:57 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-13 05:57 - 2015-09-12 08:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-11-13 05:56 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-11-13 05:56 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-13 05:56 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2015-11-13 05:56 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2015-11-13 05:56 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2015-11-13 05:56 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2015-11-08 10:43 - 2015-11-08 10:43 - 00000000 ____D C:\ProgramData\Auslogics 2015-11-08 10:42 - 2015-11-13 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2015-11-08 10:42 - 2015-11-13 14:01 - 00000000 ____D C:\Program Files (x86)\Auslogics 2015-11-08 09:09 - 2015-11-08 09:11 - 191477536 _____ (Microsoft Corporation) C:\Users\David\Downloads\DraftSight64 (1).exe 2015-11-08 09:06 - 2015-11-08 09:08 - 191477536 _____ (Microsoft Corporation) C:\Users\David\Downloads\DraftSight64.exe 2015-11-06 05:15 - 2015-11-06 05:15 - 03217010 _____ C:\Users\David\Downloads\RouboBench.skp 2015-11-01 06:47 - 2015-11-01 06:47 - 00086499 _____ C:\Users\David\Downloads\Cleaning and Process Records Simplification v1.pptx 2015-11-01 06:45 - 2015-11-01 06:45 - 04135132 _____ C:\Users\David\Downloads\for MB 10-15 %28KIP-Key Project Review%29Bob Draft E2E Mbonilla.pptx 2015-11-01 06:31 - 2015-11-01 06:31 - 04136857 _____ C:\Users\David\Downloads\KIP - Key Project Review - Ops update to Bob v1.pptx 2015-10-31 17:27 - 2015-10-31 17:28 - 00000000 ____D C:\Users\David\Documents\BEopt_2.5.0 2015-10-31 17:27 - 2015-10-31 17:27 - 00000000 ____D C:\Users\David\AppData\Roaming\BEopt_2.5.0 2015-10-31 17:26 - 2015-10-31 17:26 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BEopt 2.5.lnk 2015-10-31 17:26 - 2015-10-31 17:26 - 00001986 _____ C:\Users\Public\Desktop\BEopt 2.5.lnk 2015-10-31 17:23 - 2015-10-31 17:25 - 91201208 _____ (NREL) C:\Users\David\Downloads\BEopt_setup_2.5.0.0.exe 2015-10-29 06:31 - 2015-10-29 06:31 - 00008186 _____ C:\Users\David\Documents\cc_20151029_073108.reg 2015-10-29 06:28 - 2015-10-29 06:28 - 00000000 ____D C:\ProgramData\Motive 2015-10-27 06:54 - 2015-10-27 06:54 - 00015479 _____ C:\Users\David\Downloads\United Way Quality NR List 10.25.15.xlsx 2015-10-27 06:54 - 2015-10-27 06:54 - 00000000 _____ C:\Users\David\Downloads\United Way Quality NR List 10.25.15 (1).xlsx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-15 05:46 - 2015-02-15 15:22 - 00000000 ____D C:\Users\David\Desktop\Utilities 2015-11-15 05:44 - 2015-08-23 18:52 - 01383383 _____ C:\WINDOWS\WindowsUpdate.log 2015-11-15 05:28 - 2014-03-21 21:17 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F546B436-119A-412B-8AE9-604A97ED20D8} 2015-11-15 05:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-11-14 15:15 - 2013-08-04 22:35 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps 2015-11-14 15:05 - 2013-04-05 20:56 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-14 14:57 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-14 14:50 - 2014-04-21 09:27 - 00000000 ____D C:\Temp 2015-11-14 14:50 - 2013-06-15 19:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-11-14 14:50 - 2013-04-05 20:56 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-14 14:49 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-14 14:45 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-14 14:44 - 2014-09-01 18:36 - 00473624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-14 13:27 - 2014-11-14 20:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-14 12:50 - 2013-04-05 20:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1808542954-3622220976-1516702403-1001 2015-11-14 12:19 - 2013-08-06 19:36 - 00000000 ____D C:\Users\David\AppData\Roaming\Common 2015-11-14 11:57 - 2014-11-15 07:04 - 00000000 __SHD C:\Users\David\AppData\Local\EmieBrowserModeList 2015-11-14 11:57 - 2014-11-15 07:03 - 00000000 __SHD C:\Users\David\AppData\LocalLow\EmieBrowserModeList 2015-11-14 11:57 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\LocalLow\EmieUserList 2015-11-14 11:57 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\LocalLow\EmieSiteList 2015-11-14 11:57 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\Local\EmieUserList 2015-11-14 08:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-11-14 07:45 - 2012-07-26 00:26 - 00000337 _____ C:\WINDOWS\win.ini 2015-11-13 22:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras 2015-11-13 22:46 - 2013-08-22 01:58 - 00000000 _____ C:\WINDOWS\system32\rasctrnm.h 2015-11-13 22:45 - 2015-03-15 06:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WmpDui.dll 2015-11-13 22:44 - 2015-03-15 06:02 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmiv2.dll 2015-11-13 21:01 - 2014-08-24 15:29 - 00000000 ____D C:\Users\David\Documents\My Drawings 2015-11-13 17:01 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox 2015-11-13 17:01 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\system32\vbox 2015-11-13 15:00 - 2015-10-01 05:46 - 00000000 ____D C:\Users\David\.oracle_jre_usage 2015-11-13 15:00 - 2014-08-02 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-13 14:59 - 2014-08-23 05:34 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-11-13 14:59 - 2014-08-23 05:34 - 00000000 ____D C:\Program Files\Java 2015-11-13 14:51 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-11-13 14:49 - 2015-10-01 05:34 - 00147088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys 2015-11-13 14:49 - 2015-01-14 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-11-13 14:49 - 2014-04-23 19:43 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-11-13 14:49 - 2014-01-06 20:58 - 00154256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-11-13 14:49 - 2013-12-08 18:56 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-11-13 14:49 - 2013-12-08 17:46 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-11-13 14:49 - 2013-12-08 17:46 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-11-13 14:49 - 2013-12-08 17:46 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-11-13 14:49 - 2013-12-08 17:46 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-11-13 14:49 - 2013-12-08 17:46 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-11-13 14:49 - 2013-12-08 17:46 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-11-13 14:49 - 2013-12-08 17:46 - 00000000 ____D C:\Program Files\AVAST Software 2015-11-13 14:49 - 2013-12-08 17:45 - 00000000 ____D C:\ProgramData\AVAST Software 2015-11-13 14:49 - 2013-04-06 08:22 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-11-13 11:51 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\Local\EmieSiteList 2015-11-13 07:10 - 2015-04-02 05:22 - 00025600 _____ C:\Users\David\Documents\passwords.xlsx 2015-11-13 07:08 - 2014-01-02 10:05 - 00000000 ____D C:\Users\David\AppData\Local\Deployment 2015-11-13 06:14 - 2013-08-21 11:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-13 06:04 - 2014-04-21 09:59 - 00001908 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update 2015-11-13 06:04 - 2012-11-29 06:26 - 00003408 _____ C:\WINDOWS\System32\Tasks\ALUAgent 2015-11-13 05:50 - 2013-06-15 19:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-11-08 12:54 - 2014-01-02 09:55 - 00000000 ____D C:\Users\David\AppData\Local\Microsoft Help 2015-11-08 09:57 - 2014-01-02 09:20 - 00000000 ____D C:\Users\David\AppData\Roaming\ControlCenter4 2015-11-08 09:20 - 2013-12-30 20:39 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc 2015-11-02 19:23 - 2015-03-14 06:33 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-02 19:23 - 2015-03-14 06:33 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-31 17:27 - 2014-11-08 06:14 - 00000000 ____D C:\Users\David\AppData\Local\NREL 2015-10-31 17:26 - 2014-11-08 06:14 - 00000000 ____D C:\Program Files (x86)\NREL 2015-10-29 06:30 - 2013-04-05 20:18 - 00000000 ____D C:\Users\David\AppData\Local\Packages 2015-10-29 05:59 - 2014-10-19 07:07 - 00000000 ____D C:\Program Files\CCleaner 2015-10-27 18:43 - 2013-04-06 17:35 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-10-23 14:34 - 2014-11-14 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-23 14:34 - 2014-11-14 20:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-10-23 14:04 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Job 2015-10-20 17:42 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache 2015-10-20 17:09 - 2013-04-06 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive ==================== Files in the root of some directories ======= 2014-09-10 19:08 - 2014-11-08 04:54 - 0000096 _____ () C:\Users\David\AppData\Roaming\EPDrawGUIsettings.txt 2014-08-18 20:51 - 2014-08-18 20:51 - 0007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-04-13 17:36 - 2015-04-13 17:36 - 0000000 _____ () C:\Users\David\AppData\Local\{34EE548C-7A08-4079-A09A-23DBEAFCEC89} 2013-03-08 08:15 - 2013-03-08 08:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\David\AppData\Local\Temp\sqlite3.dll C:\Users\David\AppData\Local\Temp\sqlite3.exe Some zero byte size files/folders: ========================== C:\Windows\SysWOW64\advpack.dll C:\Windows\SysWOW64\api-ms-win-core-appcompat-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-core-com-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-1.dll C:\Windows\SysWOW64\api-ms-win-core-kernel32-legacy-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-kernel32-legacy-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-core-multipleproviderrouter-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-privateprofile-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-core-processtopology-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-processtopology-l1-2-0.dll C:\Windows\SysWOW64\api-ms-win-core-processtopology-obsolete-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-processtopology-private-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-psapi-obsolete-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-psm-info-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-psm-key-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-psm-plm-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-psm-plm-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-core-quirks-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-registry-l2-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-2-0.dll C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-2-1.dll C:\Windows\SysWOW64\api-ms-win-core-systemtopology-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-2-0.dll C:\Windows\SysWOW64\api-ms-win-core-threadpool-legacy-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-threadpool-private-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-timezone-private-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-toolhelp-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-url-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-version-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-version-private-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-versionansi-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-windowserrorreporting-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-winrt-error-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-winrt-propertysetprivate-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-winrt-registration-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-winrt-robuffer-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-winrt-string-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-wow64-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-devices-swdevice-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-devices-swdevice-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-downlevel-kernel32-l2-1-0.dll C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll C:\Windows\SysWOW64\api-ms-win-dx-d3dkmt-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-eventing-classicprovider-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-eventing-consumer-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-http-time-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-mm-joystick-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-mm-mme-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-ntuser-ie-window-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-security-base-l1-2-0.dll C:\Windows\SysWOW64\api-ms-win-security-credentials-l2-1-0.dll C:\Windows\SysWOW64\api-ms-win-security-logon-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-security-sddl-ansi-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-shcore-comhelpers-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-shcore-obsolete-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-shcore-registry-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-shcore-scaling-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-shcore-scaling-l1-1-1.dll C:\Windows\SysWOW64\api-ms-win-shcore-stream-l1-1-0.dll C:\Windows\SysWOW64\api-ms-win-shcore-stream-winrt-l1-1-0.dll C:\Windows\SysWOW64\dbnetlib.dll C:\Windows\SysWOW64\devmgr.dll C:\Windows\SysWOW64\dhcpcore6.dll C:\Windows\SysWOW64\DisplaySwitch.exe C:\Windows\SysWOW64\dmdskres2.dll C:\Windows\SysWOW64\dplaysvr.exe C:\Windows\SysWOW64\dplayx.dll C:\Windows\SysWOW64\dpnet.dll C:\Windows\SysWOW64\dpnsvr.exe C:\Windows\SysWOW64\ext-ms-win-cluster-clusapi-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-fsutilext-ulib-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-fveapi-query-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-gdi-dc-create-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-gdi-dc-create-l1-1-1.dll C:\Windows\SysWOW64\ext-ms-win-gdi-render-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-gdi-wcs-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-mrmcorer-environment-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-MrmCoreR-ResManager-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-ntuser-misc-l1-2-0.dll C:\Windows\SysWOW64\ext-ms-win-ntuser-window-l1-1-1.dll C:\Windows\SysWOW64\ext-ms-win-ntuser-windowclass-l1-1-1.dll C:\Windows\SysWOW64\ext-ms-win-reinfo-query-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-samsrv-accountstore-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-security-credui-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-session-userinit-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-session-wininit-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-session-winlogon-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-session-wtsapi32-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-setupApi-cfgmgr32remote-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-setupapi-classinstallers-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-shell-shell32-l1-2-0.dll C:\Windows\SysWOW64\ext-ms-win-shell-shlwapi-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-shell32-shellcom-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-shell32-shellfolders-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-smbshare-browser-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-uiacore-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-winbici-l1-1-0.dll C:\Windows\SysWOW64\ext-ms-win-wsclient-devlicense-l1-1-0.dll C:\Windows\SysWOW64\hnetcfg.dll C:\Windows\SysWOW64\iassdo.dll C:\Windows\SysWOW64\iernonce.dll C:\Windows\SysWOW64\iesetup.dll C:\Windows\SysWOW64\iexpress.exe C:\Windows\SysWOW64\INETRES.dll C:\Windows\SysWOW64\kbd101c.DLL C:\Windows\SysWOW64\kbd103.DLL C:\Windows\SysWOW64\kbd106.dll C:\Windows\SysWOW64\kbd106n.dll C:\Windows\SysWOW64\KBDA1.DLL C:\Windows\SysWOW64\KBDA2.DLL C:\Windows\SysWOW64\KBDA3.DLL C:\Windows\SysWOW64\KBDAL.DLL C:\Windows\SysWOW64\KBDARME.DLL C:\Windows\SysWOW64\kbdarmph.dll C:\Windows\SysWOW64\kbdarmty.dll C:\Windows\SysWOW64\KBDARMW.DLL C:\Windows\SysWOW64\kbdax2.dll C:\Windows\SysWOW64\KBDAZE.DLL C:\Windows\SysWOW64\KBDAZEL.DLL C:\Windows\SysWOW64\KBDBE.DLL C:\Windows\SysWOW64\KBDBENE.DLL C:\Windows\SysWOW64\KBDBGPH.DLL C:\Windows\SysWOW64\KBDBGPH1.DLL C:\Windows\SysWOW64\KBDBHC.DLL C:\Windows\SysWOW64\KBDBLR.DLL C:\Windows\SysWOW64\KBDBR.DLL C:\Windows\SysWOW64\KBDBU.DLL C:\Windows\SysWOW64\KBDBUG.DLL C:\Windows\SysWOW64\KBDBULG.DLL C:\Windows\SysWOW64\KBDCA.DLL C:\Windows\SysWOW64\KBDCHER.DLL C:\Windows\SysWOW64\KBDCZ1.DLL C:\Windows\SysWOW64\KBDCZ2.DLL C:\Windows\SysWOW64\KBDDA.DLL C:\Windows\SysWOW64\KBDDIV1.DLL C:\Windows\SysWOW64\KBDDIV2.DLL C:\Windows\SysWOW64\KBDDV.DLL C:\Windows\SysWOW64\KBDES.DLL C:\Windows\SysWOW64\KBDEST.DLL C:\Windows\SysWOW64\KBDFA.DLL C:\Windows\SysWOW64\KBDFI.DLL C:\Windows\SysWOW64\kbdgeoer.dll C:\Windows\SysWOW64\kbdgeooa.dll C:\Windows\SysWOW64\KBDGKL.DLL C:\Windows\SysWOW64\KBDGN.DLL C:\Windows\SysWOW64\KBDGR.DLL C:\Windows\SysWOW64\KBDGR1.DLL C:\Windows\SysWOW64\KBDGRLND.DLL C:\Windows\SysWOW64\KBDHE.DLL C:\Windows\SysWOW64\KBDHE220.DLL C:\Windows\SysWOW64\KBDHU1.DLL C:\Windows\SysWOW64\kbdibm02.DLL C:\Windows\SysWOW64\KBDINBE1.DLL C:\Windows\SysWOW64\KBDINHIN.DLL C:\Windows\SysWOW64\KBDINKAN.DLL C:\Windows\SysWOW64\KBDINMAL.DLL C:\Windows\SysWOW64\KBDINMAR.DLL C:\Windows\SysWOW64\KBDINORI.DLL C:\Windows\SysWOW64\KBDINTAM.DLL C:\Windows\SysWOW64\KBDLT.DLL C:\Windows\SysWOW64\KBDLT1.DLL C:\Windows\SysWOW64\KBDMAC.DLL C:\Windows\SysWOW64\KBDMACST.DLL C:\Windows\SysWOW64\KBDMAORI.DLL C:\Windows\SysWOW64\KBDMLT47.DLL C:\Windows\SysWOW64\KBDMLT48.DLL C:\Windows\SysWOW64\KBDMON.DLL C:\Windows\SysWOW64\KBDMONMO.DLL C:\Windows\SysWOW64\KBDMONST.DLL C:\Windows\SysWOW64\kbdnec95.DLL C:\Windows\SysWOW64\kbdnecnt.DLL C:\Windows\SysWOW64\KBDOLCH.DLL C:\Windows\SysWOW64\KBDOLDIT.DLL C:\Windows\SysWOW64\KBDOSM.DLL C:\Windows\SysWOW64\licmgr10.dll C:\Windows\SysWOW64\mfh264enc.dll C:\Windows\SysWOW64\mmcshext.dll C:\Windows\SysWOW64\mscandui.dll C:\Windows\SysWOW64\mscpx32r.dLL C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\msidntld.dll C:\Windows\SysWOW64\NlsData0007.dll C:\Windows\SysWOW64\NlsData004c.dll C:\Windows\SysWOW64\NlsData0816.dll C:\Windows\SysWOW64\NlsLexicons0002.dll C:\Windows\SysWOW64\NlsLexicons003e.dll C:\Windows\SysWOW64\NlsLexicons004c.dll C:\Windows\SysWOW64\ogldrv.dll C:\Windows\SysWOW64\onex.dll C:\Windows\SysWOW64\perfproc.dll C:\Windows\SysWOW64\pngfilt.dll C:\Windows\SysWOW64\PortableDeviceStatus.dll C:\Windows\SysWOW64\psisdecd.dll C:\Windows\SysWOW64\rasppp.dll C:\Windows\SysWOW64\rpchttp.dll C:\Windows\SysWOW64\security.dll C:\Windows\SysWOW64\SettingMonitor.dll C:\Windows\SysWOW64\spwizres.dll C:\Windows\SysWOW64\syncui.dll C:\Windows\SysWOW64\TSWorkspace.dll C:\Windows\SysWOW64\usbceip.dll C:\Windows\SysWOW64\UserAccountControlSettings.exe C:\Windows\SysWOW64\wextract.exe C:\Windows\SysWOW64\Windows.Graphics.Printing.dll C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll C:\Windows\SysWOW64\WinSyncMetastore.dll C:\Windows\SysWOW64\wisp.dll C:\Windows\SysWOW64\wlanpref.dll C:\Windows\SysWOW64\xwizards.dll C:\Windows\System32\api-ms-win-appmodel-identity-l1-1-0.dll C:\Windows\System32\api-ms-win-core-biplmapi-l1-1-1.dll C:\Windows\System32\api-ms-win-core-crt-l1-1-0.dll C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll C:\Windows\System32\api-ms-win-core-delayload-l1-1-1.dll C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-1.dll C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.dll C:\Windows\System32\api-ms-win-core-fibers-l2-1-0.dll C:\Windows\System32\api-ms-win-core-fibers-l2-1-1.dll C:\Windows\System32\api-ms-win-core-firmware-l1-1-0.dll C:\Windows\System32\api-ms-win-core-heap-obsolete-l1-1-0.dll C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll C:\Windows\System32\api-ms-win-core-job-l2-1-0.dll
×
×
  • Create New...