MPB

Bad Image Error, Cannot Print and other weird stuff


I've attached the Farbar scans and should also say that this may trace back to a Windows Update. The first evidence was that I could not print from a drawing application and now have to End Task just to get out. My printer is unable to connect in Word. Every time it boots, I am directed to PC Settings to activate Windows, and when I try, it says it cannot be done. Any help you guys could give would be greatly appreciated!


Mike




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015

Ran by David (administrator) on DAVID (15-11-2015 05:46:17)

Running from C:\Users\David\Desktop\Utilities

Loaded Profiles: David (Available Profiles: David & michael)

Platform: Windows 8.1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe

(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

(Dritek System INC.) C:\Windows\RfBtnSvc64.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)

HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] ()

HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-13] (AVAST Software)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MusicManager] => C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Amazon Cloud Player] => C:\Users\David\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-11] (Spotify Ltd)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2075 2014-04-21] ()

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: E - "E:\VZW_Software_upgrade_assistant.exe"

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {62ca4f68-a049-11e2-be73-20898462377a} - "E:\MotoCastSetup.exe" -a

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {77dff56d-862b-11e3-be8e-b8763f43915e} - "E:\LaunchU3.exe" -a

HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2014-10-03] (Softros Systems, inc.)

HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2014-10-03] (Softros Systems, inc.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-13] (AVAST Software)

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-29]

ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{D6FC2674-A71D-470B-8A1A-E22E2BB35085}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{DF8C11EA-9480-4BDC-950E-C0C7926C7045}: [DhcpNameServer] 192.168.1.1


Internet Explorer:

==================

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511

SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {8E6E6660-5E98-4549-ADC1-C49F462B0BC1} URL =

SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-13] (Oracle Corporation)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-13] (AVAST Software)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-13] (Oracle Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-13] (AVAST Software)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File


FireFox:

========

FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] ()

FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-13] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-13] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin HKU\S-1-5-21-1808542954-3622220976-1516702403-1001: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-13]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-13]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found


Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Entanglement Web App) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-09-20]

CHR Extension: (Google Cast) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-10]

CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]

CHR Extension: (Google Play Music) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-14]

CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]

CHR Extension: (Pin It Button) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-14]

CHR Extension: (Google Play) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-13]

CHR Extension: (The Simplex Algorithm Calculator) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\laliphfdajliicjkmlpoefhkpbgoejdg [2014-09-20]

CHR Extension: (Numerics Calculator & Converter) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-09-20]

CHR Extension: (Google Hangouts) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-15]

CHR Extension: (Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-09-20]

CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]

CHR Extension: (Amazon Assistant for Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-11-14]

CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]

CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]

CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-07]

CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10]

CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-07]

CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]

CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-10]

CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07]

CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-07]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-13]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-13] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-13] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-13] (Avast Software)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated)

S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)

R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2015-01-14] (Dassault Systèmes) [File not signed]

S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)

R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)

R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)

S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)

R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2233168 2014-10-03] (Softros Systems, Inc.)

R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-03-08] (Dritek System INC.)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)

R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder)

S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-13] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-13] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-13] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-13] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-13] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-13] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-13] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-13] (AVAST Software)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder)

R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)

R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [0 2013-08-22] () <==== ATTENTION (zero byte File/Folder)

R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-13] (AVAST Software)

R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-08] (Dritek System Inc.)

S3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [0 2014-10-28] () <==== ATTENTION (zero byte File/Folder)

S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2015-06-30] (support.com, Inc)

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-13] (Avast Software)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]

S3 MREMP50a64; \??\C:\Program Files\Common Files\Motive\MREMP50a64.sys [X]

S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]

S3 MRESP50a64; \??\C:\Program Files\Common Files\Motive\MRESP50a64.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-11-14 15:16 - 2015-11-14 15:16 - 00000000 ___SH C:\DkHyperbootSync

2015-11-14 14:51 - 2015-11-14 14:51 - 00000000 ____D C:\Users\David\AppData\Local\CrashRpt

2015-11-14 13:29 - 2015-11-14 13:29 - 00000000 ____D C:\Program Files (x86)\ESET

2015-11-14 13:28 - 2015-11-14 13:28 - 02870984 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_enu.exe

2015-11-14 12:43 - 2015-11-14 12:43 - 00001952 _____ C:\Users\David\Desktop\JRT.txt

2015-11-14 12:39 - 2015-11-14 12:39 - 01801288 _____ (Malwarebytes) C:\Users\David\Downloads\JRT.exe

2015-11-14 12:21 - 2015-11-14 12:21 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2015-11-14 12:20 - 2015-11-14 14:45 - 00000308 _____ C:\WINDOWS\setupact.log

2015-11-14 12:20 - 2015-11-14 12:20 - 00000000 _____ C:\WINDOWS\setuperr.log

2015-11-14 12:16 - 2015-11-14 12:29 - 00000000 ____D C:\AdwCleaner

2015-11-14 12:06 - 2015-11-14 12:06 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.com

2015-11-14 11:33 - 2015-11-14 11:33 - 00380416 _____ C:\Users\David\Downloads\yp31y7so.exe

2015-11-14 11:26 - 2015-11-14 11:27 - 00000333 _____ C:\WINDOWS\SysWOW64\debug.log

2015-11-14 08:28 - 2015-11-14 08:28 - 00040626 _____ C:\Users\David\Documents\cc_20151114_082754.reg

2015-11-14 08:28 - 2015-11-14 08:28 - 00000920 _____ C:\Users\David\Documents\cc_20151114_082823.reg

2015-11-14 07:42 - 2015-11-14 07:42 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2015-11-14 07:09 - 2015-11-14 07:09 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DAVID-Windows-8.1-(64-bit).dat

2015-11-14 07:09 - 2015-11-14 07:09 - 00000000 ____D C:\RegBackup

2015-11-13 22:46 - 2015-11-13 22:44 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll

2015-11-13 22:02 - 2015-11-13 22:02 - 00003648 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon

2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2015-11-13 22:01 - 2015-11-13 22:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com

2015-11-13 21:27 - 2015-11-15 05:46 - 00000000 ____D C:\FRST

2015-11-13 21:23 - 2015-11-13 21:24 - 55560920 _____ (Microsoft Corporation) C:\Users\David\Downloads\Windows-KB890830-x64-V5.30 (1).exe

2015-11-13 21:14 - 2015-11-13 21:15 - 55560920 _____ (Microsoft Corporation) C:\Users\David\Downloads\Windows-KB890830-x64-V5.30.exe

2015-11-13 14:53 - 2015-11-13 14:53 - 00003026 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1447444372

2015-11-13 14:53 - 2015-11-13 14:53 - 00001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

2015-11-13 14:49 - 2015-11-13 14:49 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys

2015-11-13 14:49 - 2015-11-13 14:49 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2015-11-13 14:49 - 2015-11-13 14:49 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2015-11-13 11:49 - 2015-11-13 11:49 - 00000000 ____D C:\Users\David\AppData\Roaming\supportdotcom

2015-11-13 07:39 - 2015-11-13 07:39 - 00772016 _____ (Reimage®) C:\Users\David\Downloads\ReimageRepair.exe

2015-11-13 06:07 - 2015-11-13 06:14 - 00000000 ____D C:\c9a3ecb2b734e065deb3

2015-11-13 06:02 - 2015-11-13 06:02 - 00001320 _____ C:\Users\David\Documents\cc_20151113_060232.reg

2015-11-13 05:57 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2015-11-13 05:57 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2015-11-13 05:57 - 2015-09-12 08:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml

2015-11-13 05:56 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-11-13 05:56 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-11-13 05:56 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2015-11-13 05:56 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2015-11-13 05:56 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2015-11-13 05:56 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2015-11-08 10:43 - 2015-11-08 10:43 - 00000000 ____D C:\ProgramData\Auslogics

2015-11-08 10:42 - 2015-11-13 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics

2015-11-08 10:42 - 2015-11-13 14:01 - 00000000 ____D C:\Program Files (x86)\Auslogics

2015-11-08 09:09 - 2015-11-08 09:11 - 191477536 _____ (Microsoft Corporation) C:\Users\David\Downloads\DraftSight64 (1).exe

2015-11-08 09:06 - 2015-11-08 09:08 - 191477536 _____ (Microsoft Corporation) C:\Users\David\Downloads\DraftSight64.exe

2015-11-06 05:15 - 2015-11-06 05:15 - 03217010 _____ C:\Users\David\Downloads\RouboBench.skp

2015-11-01 06:47 - 2015-11-01 06:47 - 00086499 _____ C:\Users\David\Downloads\Cleaning and Process Records Simplification v1.pptx

2015-11-01 06:45 - 2015-11-01 06:45 - 04135132 _____ C:\Users\David\Downloads\for MB 10-15 %28KIP-Key Project Review%29Bob Draft E2E Mbonilla.pptx

2015-11-01 06:31 - 2015-11-01 06:31 - 04136857 _____ C:\Users\David\Downloads\KIP - Key Project Review - Ops update to Bob v1.pptx

2015-10-31 17:27 - 2015-10-31 17:28 - 00000000 ____D C:\Users\David\Documents\BEopt_2.5.0

2015-10-31 17:27 - 2015-10-31 17:27 - 00000000 ____D C:\Users\David\AppData\Roaming\BEopt_2.5.0

2015-10-31 17:26 - 2015-10-31 17:26 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BEopt 2.5.lnk

2015-10-31 17:26 - 2015-10-31 17:26 - 00001986 _____ C:\Users\Public\Desktop\BEopt 2.5.lnk

2015-10-31 17:23 - 2015-10-31 17:25 - 91201208 _____ (NREL) C:\Users\David\Downloads\BEopt_setup_2.5.0.0.exe

2015-10-29 06:31 - 2015-10-29 06:31 - 00008186 _____ C:\Users\David\Documents\cc_20151029_073108.reg

2015-10-29 06:28 - 2015-10-29 06:28 - 00000000 ____D C:\ProgramData\Motive

2015-10-27 06:54 - 2015-10-27 06:54 - 00015479 _____ C:\Users\David\Downloads\United Way Quality NR List 10.25.15.xlsx

2015-10-27 06:54 - 2015-10-27 06:54 - 00000000 _____ C:\Users\David\Downloads\United Way Quality NR List 10.25.15 (1).xlsx


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-11-15 05:46 - 2015-02-15 15:22 - 00000000 ____D C:\Users\David\Desktop\Utilities

2015-11-15 05:44 - 2015-08-23 18:52 - 01383383 _____ C:\WINDOWS\WindowsUpdate.log

2015-11-15 05:28 - 2014-03-21 21:17 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F546B436-119A-412B-8AE9-604A97ED20D8}

2015-11-15 05:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru

2015-11-14 15:15 - 2013-08-04 22:35 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps

2015-11-14 15:05 - 2013-04-05 20:56 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-11-14 14:57 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-11-14 14:50 - 2014-04-21 09:27 - 00000000 ____D C:\Temp

2015-11-14 14:50 - 2013-06-15 19:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-11-14 14:50 - 2013-04-05 20:56 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-11-14 14:49 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-11-14 14:45 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-11-14 14:44 - 2014-09-01 18:36 - 00473624 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-11-14 13:27 - 2014-11-14 20:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-11-14 12:50 - 2013-04-05 20:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1808542954-3622220976-1516702403-1001

2015-11-14 12:19 - 2013-08-06 19:36 - 00000000 ____D C:\Users\David\AppData\Roaming\Common

2015-11-14 11:57 - 2014-11-15 07:04 - 00000000 __SHD C:\Users\David\AppData\Local\EmieBrowserModeList

2015-11-14 11:57 - 2014-11-15 07:03 - 00000000 __SHD C:\Users\David\AppData\LocalLow\EmieBrowserModeList

2015-11-14 11:57 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\LocalLow\EmieUserList

2015-11-14 11:57 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\LocalLow\EmieSiteList

2015-11-14 11:57 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\Local\EmieUserList

2015-11-14 08:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-11-14 07:45 - 2012-07-26 00:26 - 00000337 _____ C:\WINDOWS\win.ini

2015-11-13 22:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras

2015-11-13 22:46 - 2013-08-22 01:58 - 00000000 _____ C:\WINDOWS\system32\rasctrnm.h

2015-11-13 22:45 - 2015-03-15 06:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WmpDui.dll

2015-11-13 22:44 - 2015-03-15 06:02 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmiv2.dll

2015-11-13 21:01 - 2014-08-24 15:29 - 00000000 ____D C:\Users\David\Documents\My Drawings

2015-11-13 17:01 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox

2015-11-13 17:01 - 2015-01-14 07:59 - 00000000 ____D C:\WINDOWS\system32\vbox

2015-11-13 15:00 - 2015-10-01 05:46 - 00000000 ____D C:\Users\David\.oracle_jre_usage

2015-11-13 15:00 - 2014-08-02 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-11-13 14:59 - 2014-08-23 05:34 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

2015-11-13 14:59 - 2014-08-23 05:34 - 00000000 ____D C:\Program Files\Java

2015-11-13 14:51 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2015-11-13 14:49 - 2015-10-01 05:34 - 00147088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys

2015-11-13 14:49 - 2015-01-14 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-11-13 14:49 - 2014-04-23 19:43 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2015-11-13 14:49 - 2014-01-06 20:58 - 00154256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

2015-11-13 14:49 - 2013-12-08 18:56 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

2015-11-13 14:49 - 2013-12-08 17:46 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2015-11-13 14:49 - 2013-12-08 17:46 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2015-11-13 14:49 - 2013-12-08 17:46 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys

2015-11-13 14:49 - 2013-12-08 17:46 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2015-11-13 14:49 - 2013-12-08 17:46 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

2015-11-13 14:49 - 2013-12-08 17:46 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2015-11-13 14:49 - 2013-12-08 17:46 - 00000000 ____D C:\Program Files\AVAST Software

2015-11-13 14:49 - 2013-12-08 17:45 - 00000000 ____D C:\ProgramData\AVAST Software

2015-11-13 14:49 - 2013-04-06 08:22 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update

2015-11-13 11:51 - 2014-11-07 21:37 - 00000000 __SHD C:\Users\David\AppData\Local\EmieSiteList

2015-11-13 07:10 - 2015-04-02 05:22 - 00025600 _____ C:\Users\David\Documents\passwords.xlsx

2015-11-13 07:08 - 2014-01-02 10:05 - 00000000 ____D C:\Users\David\AppData\Local\Deployment

2015-11-13 06:14 - 2013-08-21 11:43 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-11-13 06:04 - 2014-04-21 09:59 - 00001908 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update

2015-11-13 06:04 - 2012-11-29 06:26 - 00003408 _____ C:\WINDOWS\System32\Tasks\ALUAgent

2015-11-13 05:50 - 2013-06-15 19:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-11-08 12:54 - 2014-01-02 09:55 - 00000000 ____D C:\Users\David\AppData\Local\Microsoft Help

2015-11-08 09:57 - 2014-01-02 09:20 - 00000000 ____D C:\Users\David\AppData\Roaming\ControlCenter4

2015-11-08 09:20 - 2013-12-30 20:39 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc

2015-11-02 19:23 - 2015-03-14 06:33 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-11-02 19:23 - 2015-03-14 06:33 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-31 17:27 - 2014-11-08 06:14 - 00000000 ____D C:\Users\David\AppData\Local\NREL

2015-10-31 17:26 - 2014-11-08 06:14 - 00000000 ____D C:\Program Files (x86)\NREL

2015-10-29 06:30 - 2013-04-05 20:18 - 00000000 ____D C:\Users\David\AppData\Local\Packages

2015-10-29 05:59 - 2014-10-19 07:07 - 00000000 ____D C:\Program Files\CCleaner

2015-10-27 18:43 - 2013-04-06 17:35 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-10-23 14:34 - 2014-11-14 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-23 14:34 - 2014-11-14 20:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-10-23 14:04 - 2014-12-05 07:21 - 00000000 ____D C:\Users\David\Documents\Job

2015-10-20 17:42 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache

2015-10-20 17:09 - 2013-04-06 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive


==================== Files in the root of some directories =======


2014-09-10 19:08 - 2014-11-08 04:54 - 0000096 _____ () C:\Users\David\AppData\Roaming\EPDrawGUIsettings.txt

2014-08-18 20:51 - 2014-08-18 20:51 - 0007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg

2015-04-13 17:36 - 2015-04-13 17:36 - 0000000 _____ () C:\Users\David\AppData\Local\{34EE548C-7A08-4079-A09A-23DBEAFCEC89}

2013-03-08 08:15 - 2013-03-08 08:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


Some files in TEMP:

====================

C:\Users\David\AppData\Local\Temp\sqlite3.dll

C:\Users\David\AppData\Local\Temp\sqlite3.exe



Some zero byte size files/folders:

==========================


Windows update failed...message

 

We couldn't complete the updates

Undoing changes

Don't turn your computer off


I'm kinda hesitant to jump in here because I think Microsoft has messed this machine up.

I looked over the logs and did see several updates it couldn't install, reason being, I don't know.

Let's try a couple of things.

Reboot in Safe Mode and use System Restore to a time before this date ==> 13-11-2015 06:04:14 Windows Update,
then change the update settings to not automatically install.
Change the settings to manually install the updates. Install a few updates at a time if they are small. Install the large ones one at a time. This will narrow down what might be causing the issue.

 

Try this and let me know.


I have restored back to 11/13/15 however I received an error that said it did not complete successfully due to an unspecified error (0x80070002). When the reboot finished it said that the Restore was successful. ???

 

I have been successful in manually updating about 4 of 7 updates. I have repeated this 3 times. (And lots more to do.)

 

Still cannot print from MS programs or drawing programs.


Only install critical for the time being.

 

 

Can it print a test page?

 

When it gets to where you can check things out, look over the below link.

 

https://support.microsoft.com/en-us/kb/822005

 

Forgot to ask if you had tried to boot into safe mode and test printing there?

 

Good article below:

https://support.microsoft.com/en-us/kb/826845

Edited by Juliet


Hi Juliet,

 

There are no critical updates.

 

I cannot print from the computer but I can from my cellphone.

 

Could not print from Word, Excel or Wordpad, even in Safe Mode.


grrrrrr, to heck with simple.

 

Before anyone makes you go to great lengths like uninstall reinstall the printer, let's try this

 

Also please download Windows Repair (all in one) from here

 


Install the program then go to step 4 and create a new system restore point and new registry backup.

 

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


 

 

 

NEXT

On the Start Repairs tab => Click the Start

 

 

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):


 

Click on box next to the Restart System when Finished. Then click on Start.


Windows Repair could not finish...it stopped on 8/35 repairs.

 

Received a Windows error message in a green bar across the screen,

 

"This app can't run on your PC

To find a version for your PC, check with the software publisher"

 

I did not see another version.


I don't think there is a different version.

 

Malwarebytes Anti-Rootkit

  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • On the introduction screen, please click on the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
~~~~~~~~~~~~

 

Delete the FRST.txt & Addition.txt you should have on your desktop. I'd like for you to run another FRST and post the results.

  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

     

Post these 2 logs when finished.

 

Also, won't be able to check back till morning.


Running from C:\Users\David\Desktop\Utilities

It's located here


Good morning.

 

The Malwarebytes scan finished and found no malware. See attached results including FRST.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18053
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 6248751104, free: 3371937792
Downloaded database version: v2015.11.15.04
Downloaded database version: v2015.11.14.01
Downloaded database version: v2015.11.13.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
11/15/2015 21:12:31
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.11.15.04
rootkit: v2015.11.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001d3b43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d3b43b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d3b42060, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
DevicePointer: 0xffffe001d3b43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d17e6060, DeviceName: \Device\0000002f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: FBC51D97
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2467484061
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 38b60e89-c69b-4629-8b69-8afa824ae0d8
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2467484061
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 38b60e89-c69b-4629-8b69-8afa824ae0d8
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 27ce7c05-5f8e-4218-acf3-f9c6dc13fad1
FirstLBA 2048 Last LBA 821247
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 2c934baf-85c6-4739-923e-6359ed364c66
FirstLBA 821248 Last LBA 1435647
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 51c5c6c5-30c6-4afc-9b18-87d82a7e2b79
FirstLBA 1435648 Last LBA 1697791
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 1029e176-9844-465c-9cef-3377c84efa94
FirstLBA 1697792 Last LBA 938305535
Attributes 0
Partition Name Basic data partition
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8cbd222d-5ccd-485e-a784-457d8fccf2d
FirstLBA 938305536 Last LBA 939022335
Attributes 1
Partition Name
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 2d2f00f8-d763-496f-9c52-b52ca6a4e9c6
FirstLBA 939022336 Last LBA 976773119
Attributes 1
Partition Name Basic data partition
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe001d3b41060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d3b41b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d3b42890, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
DevicePointer: 0xffffe001d3b41060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d21df060, DeviceName: \Device\00000030\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 2EAC232B
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2385484839
GPT Header CurrentLba = 1 BackupLba 39091247
GPT Header FirstUsableLba 34 LastUsableLba 39091214
GPT Header Guid 1d5992d8-7a48-491c-b579-45b1dd646fa
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2385484839
Backup GPT header CurrentLba = 39091247 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 39091214
Backup GPT header Guid 1d5992d8-7a48-491c-b579-45b1dd646fa
Backup GPT header Contains 128 partition entries starting at LBA 39091215
Backup GPT header Partition entry size = 128
Partition 0 Type b8cb5058-c187-4719-baf0-379ca2d4c97e
Partition ID 4613ee39-4727-4347-8134-173f59f716f
FirstLBA 7839744 Last LBA 39090175
Attributes 0
Partition Name HFS
Partition 1 Type d3bfe2de-3daf-11df-ba40-e3a556d89593
Partition ID 7c573b5c-2d02-4bb1-a8ce-5865a86b2047
FirstLBA 2048 Last LBA 7837695
Attributes 0
Partition Name Basic data partition
Disk Size: 20014718976 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\GrimeFighter2.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\SpamEngine.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\StreamFilter.log" is compressed (flags = 1)
File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1)
File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1)
File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1)
File "C:\Windows\System32\WMALFXGFXDSP.dll" is compressed (flags = 1)
File "C:\Windows\System32\streamci.dll" is compressed (flags = 1)
File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtp.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtpUS.dll" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18053
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 6248751104, free: 4468744192
=======================================
Here is the FRST scan
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by David (administrator) on DAVID (16-11-2015 05:20:05)
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David & michael)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Tweaking.com) C:\Users\David\Downloads\tweaking.com_windows_repair_aio\WR_Tray_Icon.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-15] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MusicManager] => C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [Amazon Cloud Player] => C:\Users\David\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-11] (Spotify Ltd)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2075 2014-04-21] ()
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: E - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {62ca4f68-a049-11e2-be73-20898462377a} - "E:\MotoCastSetup.exe" -a
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\...\MountPoints2: {77dff56d-862b-11e3-be8e-b8763f43915e} - "E:\LaunchU3.exe" -a
HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2014-10-03] (Softros Systems, inc.)
HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2014-10-03] (Softros Systems, inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-11-29]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D6FC2674-A71D-470B-8A1A-E22E2BB35085}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DF8C11EA-9480-4BDC-950E-C0C7926C7045}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {8E6E6660-5E98-4549-ADC1-C49F462B0BC1} URL =
SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-01] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-01] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default
FF SearchEngineOrder.1: default-search.net
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -&


Can you try to post those logs again (FRST.txt & Addition.txt), afraid they were cut off?

Edited by Juliet
typo


Running from C:\Users\David\Downloads

 

It's best we move Farbar's to desktop.

 

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

 


start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {8E6E6660-5E98-4549-ADC1-C49F462B0BC1} URL =
SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

~~~~~~~~~~~~~~~~`

 


Please download Junkware Removal Tool

or from here http://downloads.malwarebytes.org/file/jrt

to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~

please post

Fixlog.txt

JRT.txt


Back again. Here are the results as requested.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by David (2015-11-16 19:06:18) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David & michael)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {8E6E6660-5E98-4549-ADC1-C49F462B0BC1} URL =
SearchScopes: HKU\S-1-5-21-1808542954-3622220976-1516702403-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E6E6660-5E98-4549-ADC1-C49F462B0BC1}" => key removed successfully
HKCR\CLSID\{8E6E6660-5E98-4549-ADC1-C49F462B0BC1} => key not found.
"HKU\S-1-5-21-1808542954-3622220976-1516702403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => key removed successfully
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
EmptyTemp: => 126.6 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:06:44 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 8.1 x64
Ran by David (Administrator) on Mon 11/16/2015 at 19:12:48.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 7
Successfully deleted: C:\Users\David\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder)
Successfully deleted: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder)
Successfully deleted: C:\Users\David\AppData\Roaming\datamgr (Folder)
Successfully deleted: C:\Users\David\AppData\Roaming\intermediate (Folder)
Successfully deleted: C:\Users\David\AppData\Roaming\ssync (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Deleted the following from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6rbqyyt2.default\prefs.js
user_pref(browser.search.order.1, default-search.net);
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19 (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/16/2015 at 19:15:14.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


How's it going now?

Got a question: did any of this start after your machine maybe downloaded and installed the latest Windows updates?


Still no printing capability.

 

I think this may trace back to an update a week ago (Oct 8-9).


I think this may trace back to an update a week ago (Oct 8-9).

How about Nov 10-12?

 

MS15-115 - KB3097877 causing severe difficulties

Look in your installed Microsoft Windows updates and see if this is installed; right click and remove it if it is, or whatever the procedure is to remove one from Windows 8.

 

It's just a long shot.

 

What I'd like to do is rule out malware infection.

 

There is an online scan to do, but what I fear is if anything is found, and it likely will since we've run tools that have quarantine folders, we still won't be able to see or locate why you can't print.

 

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course on how full your computer is.

 

 

 

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

 

ESET Online Scan

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click the List Threats button. If no threats were found, skip the next two bullet points.
  • Click the Export button and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [option shown as an image] and click [button shown as an image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.


No Windows update during that time.

 

ESET Scan results:

 

C:\Users\David\Downloads\ccsetup501 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\David\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\David\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AA trojan
C:\Users\David\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AA trojan


Also as I logged on this morning, but not every time, I am instructed to go to PC Settings to Activate Windows. And after doing so it says it cannot be done at this time.


Something got in there and changed settings, what, I don't know.

 

We need to get rid of what Eset found.

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite an existing one, please allow it.)

 

start
CreateRestorePoint:
CloseProcesses:
C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe
C:\Users\David\Downloads\FLVPlayer-Chrome.exe
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Have you tried a system restore point back to before these issues came up?

 

 

Check this:

Press Windows Key + C or swipe in from the right to open the charms bar, tap Settings, and tap Change PC settings. You'll see an Activate Windows option here if Windows isn't yet activated. You can also navigate to PC and devices > PC info to see whether Windows is activated.


I tried to Activate from PC Settings but it could not.

 

How do I see the earlier Restore Points?

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by David (2015-11-17 06:39:58) Run:2
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David & michael)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe
C:\Users\David\Downloads\FLVPlayer-Chrome.exe
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe => moved successfully
C:\Users\David\Downloads\FLVPlayer-Chrome.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 105.3 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 06:40:14 ====

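A check that can be run on a posted Fixlog before moving on, shown here as an added example (not part of the thread and not FRST's own code): it confirms that every file path listed in the fixlist has a matching "moved successfully" result line, and lists paths FRST touched because of directives such as Hosts:. The function name check_fixlog and the embedded sample (the Fixlog posted above, header abridged) are assumptions of this example.

```python
import re

# Constructed sample: the Fixlog posted in this thread, header abridged.
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe
C:\Users\David\Downloads\FLVPlayer-Chrome.exe
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\David\Downloads\FLVPlayer-Chrome (1).exe => moved successfully
C:\Users\David\Downloads\FLVPlayer-Chrome.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 105.3 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 06:40:14 ====
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # directives such as "Hosts:" do not match

def check_fixlog(text):
    """Compare file paths requested in the fixlist with the per-path results."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist section (between the asterisk rows) not found")
    requested = [ln for ln in lines[marks[0] + 1:marks[1]] if DRIVE_PATH.match(ln)]
    results = {}
    for ln in lines[marks[1] + 1:]:
        path, sep, outcome = ln.partition(" => ")
        if sep and DRIVE_PATH.match(path):
            results[path] = outcome
    return {
        "requested": requested,
        "unresolved": [p for p in requested if results.get(p) != "moved successfully"],
        "extra": sorted(set(results) - set(requested)),  # touched via directives
        "reboot": any("needed a reboot" in ln for ln in lines),
        "complete": any(ln.startswith("==== End of Fixlog") for ln in lines),
    }
```

An empty "unresolved" list together with "complete" set to True means every requested file was moved and the log was not cut off when pasted.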