by_accident
2015-12-02, 01:49
My problems started with the BSoD. Just prior to BSod, I would get a message that my display driver has stopped working but has been restarted successfully...then BSOD.. I have disabled my display driver and that has prevented any more blue screens. While working on that issue, i discovered that my task manager and system restore are no longer available. ALso, windows action center is telling me to turn on windows security center. When I try to turn it on, error says that the service cant be started.
I ran TrendMicro housecall and it detected Mal_Bigtof virus. Clicked on repair, but still have issues. Tried Kaspersky, but had too many issues when trying to run it, so I uninstalled that.
My log files are split as it exceeds the sites max allowed: 12421
I could not run aswMBR scan as I was getting error "Avast Antirootkit has stopped working"
Any help you can give would be greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Lou (administrator) on LOU-PC (01-12-2015 18:05:45)
Running from C:\Users\Lou\Desktop
Loaded Profiles: Lou (Available Profiles: Lou)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\CardIcon\iconcs2268301.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
() C:\Windows\SysWOW64\afasrv64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MSI CO.,LTD.) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6612072 2011-03-07] (Realtek Semiconductor)
HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\CardIcon\iconcs2268301.exe [7373824 2015-08-16] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [303104 2011-01-25] (TODO: <Company name>)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F3F01220-67D3-497D-81E7-D8217777E1F9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-08-20] (IObit)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-01] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-01] (AO Kaspersky Lab)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-01]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Cast) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-21]
CHR Extension: (Google Search) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-08-24]
CHR Extension: (Google Sheets) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (AdBlock) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-16]
CHR Extension: (Gmail) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R3 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2015-08-16] () [File not signed]
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-01] (Kaspersky Lab ZAO)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-19] (IObit)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 kss; no ImagePath
S3 vssbrigde64; no ImagePath
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-01] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-01] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-01] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 npf; C:\Users\Lou\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-07-12] (MSI)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-11-15] (Realtek Semiconductor Corporation )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 athur; system32\DRIVERS\athurx.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 18:05 - 2015-12-01 18:06 - 00019400 _____ C:\Users\Lou\Desktop\FRST.txt
2015-12-01 17:44 - 2015-12-01 17:44 - 05198336 _____ (AVAST Software) C:\Users\Lou\Desktop\aswMBR.exe
2015-12-01 17:41 - 2015-12-01 17:41 - 00262144 _____ C:\Windows\system32\config\elam
2015-12-01 17:39 - 2015-12-01 18:05 - 00000000 ____D C:\FRST
2015-12-01 17:39 - 2015-12-01 17:39 - 02350080 _____ (Farbar) C:\Users\Lou\Desktop\FRST64.exe
2015-12-01 17:38 - 2015-12-01 17:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LOU-PC-Windows-7-Ultimate-(64-bit).dat
2015-12-01 17:37 - 2015-12-01 17:37 - 00000000 ____D C:\RegBackup
2015-12-01 17:36 - 2015-12-01 17:36 - 00016377 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2015-12-01 17:36 - 2015-12-01 17:36 - 00002246 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-01 17:36 - 2015-12-01 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-01 17:36 - 2015-12-01 17:36 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-12-01 17:35 - 2015-12-01 17:35 - 04777232 _____ (Tweaking.com) C:\Users\Lou\Downloads\tweaking.com_registry_backup_setup.exe
2015-12-01 07:52 - 2015-12-01 07:52 - 00000000 ____D C:\Windows\ELAMBKUP
2015-12-01 07:52 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-12-01 07:51 - 2015-12-01 08:15 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-12-01 07:51 - 2015-12-01 08:15 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-12-01 07:51 - 2015-12-01 08:15 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-12-01 07:20 - 2015-12-01 07:20 - 01897072 _____ (Kaspersky Lab) C:\Users\Lou\Downloads\kav16.0.0.614en_8368.exe
2015-11-30 22:30 - 2015-11-30 22:30 - 00000428 __RSH C:\Users\Lou\ntuser.pol
2015-11-30 22:28 - 2015-12-01 18:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-30 22:28 - 2015-12-01 17:47 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-30 22:24 - 2015-11-30 22:24 - 00717656 _____ (Kaspersky Lab) C:\Users\Lou\Downloads\setup.exe
2015-11-30 22:19 - 2015-11-30 22:19 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-11-30 22:18 - 2015-11-30 22:18 - 00381396 _____ C:\Users\Lou\AppData\Local\census.cache
2015-11-30 22:17 - 2015-11-30 22:17 - 00156399 _____ C:\Users\Lou\AppData\Local\ars.cache
2015-11-30 22:00 - 2015-11-30 22:00 - 00000036 _____ C:\Users\Lou\AppData\Local\housecall.guid.cache
2015-11-30 22:00 - 2015-05-29 02:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-11-30 21:59 - 2015-11-30 21:59 - 02494944 _____ (Trend Micro Inc.) C:\Users\Lou\Downloads\HousecallLauncher64.exe
2015-11-30 20:17 - 2015-11-30 20:17 - 00602112 _____ (OldTimer Tools) C:\Users\Lou\Downloads\OTL.exe
2015-11-30 20:17 - 2015-11-30 20:17 - 00602112 _____ (OldTimer Tools) C:\Users\Lou\Desktop\OTL.exe
2015-11-30 20:02 - 2015-11-30 20:02 - 01395088 _____ (Essentware) C:\Users\Lou\Downloads\Unconfirmed 144639.crdownload
2015-11-30 20:02 - 2015-11-30 20:02 - 01395088 _____ (Essentware) C:\Users\Lou\Downloads\PCKeeper Installer.exe
2015-11-30 20:02 - 2015-11-30 20:02 - 01395088 _____ (Essentware) C:\Users\Lou\Downloads\PCKeeper Installer (1).exe
2015-11-30 19:57 - 2015-12-01 17:56 - 00002896 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Lou
2015-11-30 19:24 - 2015-11-30 21:21 - 00000000 ____D C:\Program Files\AMD
2015-11-30 19:17 - 2015-11-30 19:20 - 300806184 _____ (AMD Inc.) C:\Users\Lou\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2015-11-30 18:42 - 2015-11-30 21:48 - 00000000 ____D C:\Windows\Minidump
2015-11-30 18:39 - 2015-12-01 17:33 - 00000000 ____H C:\ProgramData\@system.temp
2015-11-30 18:07 - 2015-12-01 17:35 - 00000000 ____D C:\Users\Lou\AppData\Roaming\BrowserMe
2015-11-30 18:07 - 2015-12-01 15:38 - 00000640 ____H C:\ProgramData\@system3.att
2015-11-30 18:07 - 2015-11-30 18:08 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-30 18:07 - 2015-11-30 18:08 - 00000000 ____D C:\Users\Lou\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9
2015-11-30 18:07 - 2015-11-30 18:07 - 00000480 ____H C:\Users\Lou\AppData\Roaming\½ž’“Ó™œ‰
2015-11-30 18:07 - 2015-11-30 18:07 - 00000254 _____ C:\Users\Lou\Documents\recover_file_iwdmcanxn.txt
2015-11-28 17:39 - 2015-11-28 17:39 - 00000000 ____D C:\Users\Lou\AppData\Local\ElevatedDiagnostics
2015-11-22 12:45 - 2015-11-22 12:45 - 00194817 _____ C:\Users\Lou\Downloads\EligibilityNotice.pdf
2015-11-15 14:55 - 2015-11-15 14:55 - 00004669 _____ C:\Users\Lou\Desktop\comcast.txt
2015-11-15 13:26 - 2015-11-15 13:26 - 00000000 ____D C:\Users\Lou\Downloads\Archer T4U_V1_141219
2015-11-15 13:02 - 2015-11-15 13:02 - 09736240 _____ (CyberGhost S.R.L. ) C:\Users\Lou\Downloads\CG_5.5.0.2_7.exe
2015-11-15 12:30 - 2015-11-15 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series
2015-11-15 12:29 - 2015-11-15 12:29 - 00000000 ____D C:\Windows\SysWOW64\STRING
2015-11-15 12:26 - 2015-11-15 12:26 - 24632480 _____ C:\Users\Lou\Downloads\mast-win-mg5300-1_1-ucd.exe
2015-11-15 10:11 - 2015-11-15 10:11 - 82821120 _____ C:\Windows\system32\config\software.iodefrag.bak
2015-11-15 10:11 - 2015-11-15 10:11 - 00225280 _____ C:\Windows\system32\config\default.iodefrag.bak
2015-11-15 10:11 - 2015-11-15 10:11 - 00024576 _____ C:\Windows\system32\config\security.iodefrag.bak
2015-11-15 10:11 - 2015-11-15 10:11 - 00024576 _____ C:\Windows\system32\config\sam.iodefrag.bak
2015-11-15 10:10 - 2015-11-15 10:10 - 50606080 _____ C:\Windows\system32\config\components.iodefrag.bak
2015-11-15 10:10 - 2015-11-15 10:10 - 00000000 ____H C:\asc_rdflag
2015-11-14 21:37 - 2015-11-14 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-11-14 20:56 - 2015-11-14 20:56 - 00000000 ____D C:\Users\Lou\Downloads\NETGEAR
2015-11-14 12:30 - 2015-11-14 12:31 - 170221752 _____ C:\Users\Lou\Downloads\Letters From The Labrinth + Digital Booklet.zip
2015-11-14 11:06 - 2015-10-20 10:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-14 11:06 - 2015-10-20 08:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-14 11:05 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-14 11:05 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-14 11:05 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-14 11:05 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-14 11:05 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-14 11:05 - 2015-10-20 10:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-14 11:05 - 2015-10-20 10:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-14 11:05 - 2015-10-20 10:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-14 11:05 - 2015-10-20 08:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-14 11:05 - 2015-10-20 08:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-14 11:05 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-14 11:05 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-14 11:05 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-14 11:05 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-14 11:05 - 2015-10-15 14:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-14 11:05 - 2015-10-15 14:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-14 11:05 - 2015-10-15 13:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-14 11:05 - 2015-10-15 13:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-14 11:05 - 2015-10-15 13:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-11-14 11:05 - 2015-10-15 13:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-11-14 11:04 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-14 11:04 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-14 11:04 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-14 11:04 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-14 11:04 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-14 11:04 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-14 11:04 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-14 11:04 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-14 11:04 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-14 11:04 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-14 11:04 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-14 11:04 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-14 11:04 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-14 11:04 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-14 11:04 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-14 11:04 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-14 11:04 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-14 11:04 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-14 11:04 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-14 11:04 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-14 11:04 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-14 11:04 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-14 11:04 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-14 11:04 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-14 11:04 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-14 11:04 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-14 11:04 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-14 11:04 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-14 11:04 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-14 11:04 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-14 11:04 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-14 11:04 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-14 11:04 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-14 10:57 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-14 10:57 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-14 10:57 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-14 10:49 - 2014-10-16 09:27 - 00027424 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2015-11-14 10:35 - 2015-11-14 10:35 - 07942416 _____ (IObit ) C:\Users\Lou\Downloads\smart-defrag-setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 18:06 - 2015-08-16 14:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 18:06 - 2009-07-14 00:13 - 00802762 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 18:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-01 18:05 - 2009-07-13 23:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-01 18:05 - 2009-07-13 23:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-01 18:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-01 18:00 - 2015-08-16 14:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 17:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 14:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-01 08:15 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-12-01 08:01 - 2015-08-16 14:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 08:00 - 2015-08-16 14:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 07:47 - 2015-08-16 14:30 - 00109296 _____ C:\Users\Lou\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-01 07:47 - 2009-07-13 23:45 - 00415096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\ProgramData\Panda Security
2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-01 07:26 - 2015-08-16 21:00 - 00000000 ____D C:\Users\Lou\AppData\Roaming\Panda Security
2015-11-30 22:30 - 2015-08-16 16:47 - 00000000 ____D C:\Users\Lou
2015-11-30 19:24 - 2015-08-16 14:26 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-30 19:22 - 2012-06-28 18:39 - 00000000 ____D C:\AMD
2015-11-30 18:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-30 18:36 - 2015-08-19 22:09 - 00000000 ____D C:\ProgramData\ProductData
2015-11-30 18:07 - 2015-08-14 21:14 - 00000000 ___HD C:\$SysReset
2015-11-30 18:07 - 2015-08-02 14:20 - 00000000 ____D C:\81e9708521e86f94a234
2015-11-30 18:07 - 2011-07-16 11:27 - 00000000 ____D C:\4b318d7c3ab90976e725c758
2015-11-28 12:12 - 2015-08-19 21:46 - 00000000 ____D C:\Program Files\CARCare
2015-11-28 11:57 - 2012-12-28 21:56 - 00000000 ____D C:\Users\Lou\Documents\Quicken
2015-11-28 11:33 - 2009-07-13 21:34 - 00000503 _____ C:\Windows\win.ini
2015-11-28 10:37 - 2015-09-07 13:50 - 00098756 _____ C:\Users\Lou\Documents\Port_#0005 Hub_#0004
2015-11-27 18:38 - 2015-08-16 14:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 18:28 - 2015-08-16 17:19 - 00000000 ____D C:\Windows\Panther
2015-11-22 12:47 - 2015-08-16 22:21 - 00000000 ____D C:\Windows\system32\MRT
2015-11-22 12:44 - 2015-08-16 22:21 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-22 12:44 - 2015-08-16 20:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-22 12:32 - 2015-08-16 20:54 - 00777980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-22 12:30 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-21 17:23 - 2015-08-16 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 17:23 - 2015-08-16 21:25 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 17:23 - 2015-08-16 21:25 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 17:17 - 2015-08-29 16:54 - 00000000 ____D C:\Users\Lou\.oracle_jre_usage
2015-11-21 17:17 - 2015-08-16 21:26 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-15 13:26 - 2014-08-05 18:07 - 02978520 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2015-11-15 13:26 - 2014-08-05 18:07 - 00020184 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2015-11-15 13:26 - 2014-05-12 23:12 - 00008099 _____ C:\Windows\system32\rtlCoInst.dat
2015-11-15 12:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-11-15 12:41 - 2015-08-24 17:55 - 00000000 ____D C:\Program Files (x86)\Canon
2015-11-15 12:27 - 2008-09-12 19:40 - 00000000 ____D C:\Users\Lou\Desktop\Maintenance
2015-11-14 21:37 - 2015-09-09 17:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-14 21:32 - 2015-09-09 17:39 - 00000000 ____D C:\Users\Lou\AppData\Local\Plex Media Server
2015-11-14 21:06 - 2015-08-08 12:12 - 00000000 ____D C:\temp
2015-11-14 11:15 - 2015-08-16 14:35 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-14 10:36 - 2015-08-31 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
==================== Files in the root of some directories =======
2015-11-30 18:07 - 2015-11-30 18:07 - 0000480 ____H () C:\Users\Lou\AppData\Roaming\½ž’“Ó™œ‰
2015-11-30 22:17 - 2015-11-30 22:17 - 0156399 _____ () C:\Users\Lou\AppData\Local\ars.cache
2015-11-30 22:18 - 2015-11-30 22:18 - 0381396 _____ () C:\Users\Lou\AppData\Local\census.cache
2015-11-30 22:00 - 2015-11-30 22:00 - 0000036 _____ () C:\Users\Lou\AppData\Local\housecall.guid.cache
2015-11-30 18:39 - 2015-12-01 17:33 - 0000000 ____H () C:\ProgramData\@system.temp
2015-11-30 18:07 - 2015-12-01 15:38 - 0000640 ____H () C:\ProgramData\@system3.att
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-01 14:39
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Lou (2015-12-01 18:06:47)
Running from C:\Users\Lou\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-08-16 21:47:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3388803297-3879758489-340360114-500 - Administrator - Disabled)
Guest (S-1-5-21-3388803297-3879758489-340360114-501 - Limited - Enabled)
Lou (S-1-5-21-3388803297-3879758489-340360114-1000 - Administrator - Enabled) => C:\Users\Lou
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Card Icon Program 1.7.0.0 (HKLM-x32\...\Card Icon Program_is1) (Version: - )
ccc-core-static (x32 Version: 2010.1125.2142.38865 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Metzcal 2.5.0 (HKLM-x32\...\Metzcal 2.5.0) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{24f6f734-f790-479b-bd0f-38409a456508}) (Version: 0.9.1219 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1219 - Plex, Inc.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Registry Help Free (HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\Registry Help Free) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
ResScan (HKLM-x32\...\{105A1073-76D9-4FDB-BEE0-7979D8C034EF}) (Version: 5.4.1 - ResMed Ltd)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Super-Charger (HKLM-x32\...\Super-Charger_is1) (Version: - MSI CO.,LTD.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
22-11-2015 19:00:18 Windows Backup
28-11-2015 16:57:25 Windows Modules Installer
28-11-2015 17:23:47 Windows Modules Installer
28-11-2015 17:36:39 Windows Update
29-11-2015 03:00:22 Windows Update
29-11-2015 19:00:20 Windows Backup
30-11-2015 03:00:25 Windows Update
30-11-2015 17:54:30 Windows Backup
30-11-2015 20:35:07 Windows Backup
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04029E87-9D4B-45D5-AF0C-09301D4187D8} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {0435853C-5A18-4396-8614-3033043D8863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {16728246-D373-4641-A5A7-00643074F654} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {601E8ED1-53B8-41A0-85B8-EE59B247B654} - System32\Tasks\ASC8_SkipUac_Lou => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {7E0DF8AC-BB74-47B2-8AC8-762AE2A25E68} - System32\Tasks\Uninstaller_SkipUac_Lou => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {82EF0E4D-A29A-4AF1-9506-2B9EA45B492E} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {C8560D2D-10AC-4B0F-8B47-75F375B196E6} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {C91B16EB-548E-4DF3-9A3C-D651B5995000} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {F504DAFA-C9E9-492F-B072-87DDCC859FCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {F7AAA285-E563-418A-B73D-FBE181191639} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-16 21:45 - 2015-08-16 21:45 - 07373824 _____ () C:\Program Files (x86)\CardIcon\iconcs2268301.exe
2015-08-16 14:31 - 2015-08-16 21:45 - 00073728 _____ () C:\Windows\SysWOW64\afasrv64.exe
2015-11-14 10:36 - 2015-10-27 14:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2015-08-31 18:31 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2015-08-20 09:17 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-08-19 22:09 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-08-19 22:09 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-08-19 22:09 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:BB5B0476
AlternateDataStreams: C:\Users\Lou\Local Settings:init
AlternateDataStreams: C:\Users\Lou\AppData\Local:init
AlternateDataStreams: C:\Users\Lou\AppData\Local\Application Data:init
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3388803297-3879758489-340360114-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3AE90507-F210-4EB1-A75C-E6C380B16BD3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0F339F85-7794-4C5F-AA63-F2C806B69F96}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2B17BE19-888F-40A3-8E5E-3A0A9F91BC12}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{54FB2E3D-C329-4A0F-A0F6-1D8494664C3B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
==================== Faulty Device Manager Devices =============
Name: AMD Radeon HD 6800 Series
Description: AMD Radeon HD 6800 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/01/2015 05:57:04 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lou-PC)
Description: Application: Kaspersky Anti-Virus -- Error 29000. You must close Kaspersky Anti-Virus before proceeding with the installation.
Error: (12/01/2015 05:53:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (12/01/2015 05:53:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (12/01/2015 05:48:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lou-PC)
Description: Application: Kaspersky Anti-Virus -- Error 29000. You must close Kaspersky Anti-Virus before proceeding with the installation.
Error: (12/01/2015 05:28:18 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
Error: (12/01/2015 05:28:17 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (12/01/2015 07:45:58 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
Error: (12/01/2015 07:45:57 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (11/30/2015 10:22:36 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/30/2015 10:22:36 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (12/01/2015 06:00:09 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (12/01/2015 05:59:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Security Scan Service service failed to start due to the following error:
%%3
Error: (12/01/2015 05:59:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (12/01/2015 05:59:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/01/2015 05:55:35 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (12/01/2015 05:55:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Security Scan Service service failed to start due to the following error:
%%3
Error: (12/01/2015 05:55:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (12/01/2015 05:54:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/01/2015 05:37:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5
Error: (12/01/2015 05:29:45 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
CodeIntegrity:
===================================
Date: 2015-12-01 10:17:08.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.521
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.326
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:07.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23002_none_b60448e9e1de6bca\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:07.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23002_none_b60448e9e1de6bca\appid.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
Percentage of memory in use: 55%
Total physical RAM: 8150.38 MB
Available physical RAM: 3611.41 MB
Total Virtual: 16298.96 MB
Available Virtual: 11497.54 MB
==================== Drives ================================
Drive c: (Main Drive ) (Fixed) (Total:931.5 GB) (Free:603.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive l: (Backup of Maxtor) (Fixed) (Total:596.16 GB) (Free:427.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 661BBF3B)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: EFE7EFE7)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================
I ran TrendMicro housecall and it detected Mal_Bigtof virus. Clicked on repair, but still have issues. Tried Kaspersky, but had too many issues when trying to run it, so I uninstalled that.
My log files are split as it exceeds the sites max allowed: 12421
I could not run aswMBR scan as I was getting error "Avast Antirootkit has stopped working"
Any help you can give would be greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Lou (administrator) on LOU-PC (01-12-2015 18:05:45)
Running from C:\Users\Lou\Desktop
Loaded Profiles: Lou (Available Profiles: Lou)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\CardIcon\iconcs2268301.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
() C:\Windows\SysWOW64\afasrv64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MSI CO.,LTD.) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6612072 2011-03-07] (Realtek Semiconductor)
HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\CardIcon\iconcs2268301.exe [7373824 2015-08-16] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [303104 2011-01-25] (TODO: <Company name>)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F3F01220-67D3-497D-81E7-D8217777E1F9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-08-20] (IObit)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-01] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-01] (AO Kaspersky Lab)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-01]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Cast) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-21]
CHR Extension: (Google Search) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-08-24]
CHR Extension: (Google Sheets) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (AdBlock) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-16]
CHR Extension: (Gmail) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R3 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2015-08-16] () [File not signed]
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-01] (Kaspersky Lab ZAO)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-19] (IObit)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 kss; no ImagePath
S3 vssbrigde64; no ImagePath
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-01] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-01] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-01] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 npf; C:\Users\Lou\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-07-12] (MSI)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-11-15] (Realtek Semiconductor Corporation )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 athur; system32\DRIVERS\athurx.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 18:05 - 2015-12-01 18:06 - 00019400 _____ C:\Users\Lou\Desktop\FRST.txt
2015-12-01 17:44 - 2015-12-01 17:44 - 05198336 _____ (AVAST Software) C:\Users\Lou\Desktop\aswMBR.exe
2015-12-01 17:41 - 2015-12-01 17:41 - 00262144 _____ C:\Windows\system32\config\elam
2015-12-01 17:39 - 2015-12-01 18:05 - 00000000 ____D C:\FRST
2015-12-01 17:39 - 2015-12-01 17:39 - 02350080 _____ (Farbar) C:\Users\Lou\Desktop\FRST64.exe
2015-12-01 17:38 - 2015-12-01 17:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LOU-PC-Windows-7-Ultimate-(64-bit).dat
2015-12-01 17:37 - 2015-12-01 17:37 - 00000000 ____D C:\RegBackup
2015-12-01 17:36 - 2015-12-01 17:36 - 00016377 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2015-12-01 17:36 - 2015-12-01 17:36 - 00002246 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-01 17:36 - 2015-12-01 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-01 17:36 - 2015-12-01 17:36 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-12-01 17:35 - 2015-12-01 17:35 - 04777232 _____ (Tweaking.com) C:\Users\Lou\Downloads\tweaking.com_registry_backup_setup.exe
2015-12-01 07:52 - 2015-12-01 07:52 - 00000000 ____D C:\Windows\ELAMBKUP
2015-12-01 07:52 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-12-01 07:51 - 2015-12-01 08:15 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-12-01 07:51 - 2015-12-01 08:15 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-12-01 07:51 - 2015-12-01 08:15 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-12-01 07:20 - 2015-12-01 07:20 - 01897072 _____ (Kaspersky Lab) C:\Users\Lou\Downloads\kav16.0.0.614en_8368.exe
2015-11-30 22:30 - 2015-11-30 22:30 - 00000428 __RSH C:\Users\Lou\ntuser.pol
2015-11-30 22:28 - 2015-12-01 18:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-30 22:28 - 2015-12-01 17:47 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-30 22:24 - 2015-11-30 22:24 - 00717656 _____ (Kaspersky Lab) C:\Users\Lou\Downloads\setup.exe
2015-11-30 22:19 - 2015-11-30 22:19 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-11-30 22:18 - 2015-11-30 22:18 - 00381396 _____ C:\Users\Lou\AppData\Local\census.cache
2015-11-30 22:17 - 2015-11-30 22:17 - 00156399 _____ C:\Users\Lou\AppData\Local\ars.cache
2015-11-30 22:00 - 2015-11-30 22:00 - 00000036 _____ C:\Users\Lou\AppData\Local\housecall.guid.cache
2015-11-30 22:00 - 2015-05-29 02:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-11-30 21:59 - 2015-11-30 21:59 - 02494944 _____ (Trend Micro Inc.) C:\Users\Lou\Downloads\HousecallLauncher64.exe
2015-11-30 20:17 - 2015-11-30 20:17 - 00602112 _____ (OldTimer Tools) C:\Users\Lou\Downloads\OTL.exe
2015-11-30 20:17 - 2015-11-30 20:17 - 00602112 _____ (OldTimer Tools) C:\Users\Lou\Desktop\OTL.exe
2015-11-30 20:02 - 2015-11-30 20:02 - 01395088 _____ (Essentware) C:\Users\Lou\Downloads\Unconfirmed 144639.crdownload
2015-11-30 20:02 - 2015-11-30 20:02 - 01395088 _____ (Essentware) C:\Users\Lou\Downloads\PCKeeper Installer.exe
2015-11-30 20:02 - 2015-11-30 20:02 - 01395088 _____ (Essentware) C:\Users\Lou\Downloads\PCKeeper Installer (1).exe
2015-11-30 19:57 - 2015-12-01 17:56 - 00002896 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Lou
2015-11-30 19:24 - 2015-11-30 21:21 - 00000000 ____D C:\Program Files\AMD
2015-11-30 19:17 - 2015-11-30 19:20 - 300806184 _____ (AMD Inc.) C:\Users\Lou\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2015-11-30 18:42 - 2015-11-30 21:48 - 00000000 ____D C:\Windows\Minidump
2015-11-30 18:39 - 2015-12-01 17:33 - 00000000 ____H C:\ProgramData\@system.temp
2015-11-30 18:07 - 2015-12-01 17:35 - 00000000 ____D C:\Users\Lou\AppData\Roaming\BrowserMe
2015-11-30 18:07 - 2015-12-01 15:38 - 00000640 ____H C:\ProgramData\@system3.att
2015-11-30 18:07 - 2015-11-30 18:08 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-30 18:07 - 2015-11-30 18:08 - 00000000 ____D C:\Users\Lou\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9
2015-11-30 18:07 - 2015-11-30 18:07 - 00000480 ____H C:\Users\Lou\AppData\Roaming\½ž’“Ó™œ‰
2015-11-30 18:07 - 2015-11-30 18:07 - 00000254 _____ C:\Users\Lou\Documents\recover_file_iwdmcanxn.txt
2015-11-28 17:39 - 2015-11-28 17:39 - 00000000 ____D C:\Users\Lou\AppData\Local\ElevatedDiagnostics
2015-11-22 12:45 - 2015-11-22 12:45 - 00194817 _____ C:\Users\Lou\Downloads\EligibilityNotice.pdf
2015-11-15 14:55 - 2015-11-15 14:55 - 00004669 _____ C:\Users\Lou\Desktop\comcast.txt
2015-11-15 13:26 - 2015-11-15 13:26 - 00000000 ____D C:\Users\Lou\Downloads\Archer T4U_V1_141219
2015-11-15 13:02 - 2015-11-15 13:02 - 09736240 _____ (CyberGhost S.R.L. ) C:\Users\Lou\Downloads\CG_5.5.0.2_7.exe
2015-11-15 12:30 - 2015-11-15 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series
2015-11-15 12:29 - 2015-11-15 12:29 - 00000000 ____D C:\Windows\SysWOW64\STRING
2015-11-15 12:26 - 2015-11-15 12:26 - 24632480 _____ C:\Users\Lou\Downloads\mast-win-mg5300-1_1-ucd.exe
2015-11-15 10:11 - 2015-11-15 10:11 - 82821120 _____ C:\Windows\system32\config\software.iodefrag.bak
2015-11-15 10:11 - 2015-11-15 10:11 - 00225280 _____ C:\Windows\system32\config\default.iodefrag.bak
2015-11-15 10:11 - 2015-11-15 10:11 - 00024576 _____ C:\Windows\system32\config\security.iodefrag.bak
2015-11-15 10:11 - 2015-11-15 10:11 - 00024576 _____ C:\Windows\system32\config\sam.iodefrag.bak
2015-11-15 10:10 - 2015-11-15 10:10 - 50606080 _____ C:\Windows\system32\config\components.iodefrag.bak
2015-11-15 10:10 - 2015-11-15 10:10 - 00000000 ____H C:\asc_rdflag
2015-11-14 21:37 - 2015-11-14 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-11-14 20:56 - 2015-11-14 20:56 - 00000000 ____D C:\Users\Lou\Downloads\NETGEAR
2015-11-14 12:30 - 2015-11-14 12:31 - 170221752 _____ C:\Users\Lou\Downloads\Letters From The Labrinth + Digital Booklet.zip
2015-11-14 11:06 - 2015-10-20 10:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-14 11:06 - 2015-10-20 08:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-14 11:05 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-14 11:05 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-14 11:05 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-14 11:05 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-14 11:05 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-14 11:05 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-14 11:05 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-14 11:05 - 2015-10-20 10:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-14 11:05 - 2015-10-20 10:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-14 11:05 - 2015-10-20 10:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-14 11:05 - 2015-10-20 10:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-14 11:05 - 2015-10-20 08:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-14 11:05 - 2015-10-20 08:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-14 11:05 - 2015-10-20 08:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-14 11:05 - 2015-10-20 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-14 11:05 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-14 11:05 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-14 11:05 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-14 11:05 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-14 11:05 - 2015-10-15 14:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-14 11:05 - 2015-10-15 14:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-14 11:05 - 2015-10-15 13:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-14 11:05 - 2015-10-15 13:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-14 11:05 - 2015-10-15 13:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-11-14 11:05 - 2015-10-15 13:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-11-14 11:04 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-14 11:04 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-14 11:04 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-14 11:04 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-14 11:04 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-14 11:04 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-14 11:04 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-14 11:04 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-14 11:04 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-14 11:04 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-14 11:04 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-14 11:04 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-14 11:04 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-14 11:04 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-14 11:04 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-14 11:04 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-14 11:04 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-14 11:04 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-14 11:04 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-14 11:04 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-14 11:04 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-14 11:04 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-14 11:04 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-14 11:04 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-14 11:04 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-14 11:04 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-14 11:04 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-14 11:04 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-14 11:04 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-14 11:04 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-14 11:04 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-14 11:04 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-14 11:04 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-14 11:04 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-14 11:04 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-14 11:04 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-14 11:04 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-14 11:04 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-14 10:57 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-14 10:57 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-14 10:57 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-14 10:49 - 2014-10-16 09:27 - 00027424 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2015-11-14 10:35 - 2015-11-14 10:35 - 07942416 _____ (IObit ) C:\Users\Lou\Downloads\smart-defrag-setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 18:06 - 2015-08-16 14:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 18:06 - 2009-07-14 00:13 - 00802762 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 18:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-01 18:05 - 2009-07-13 23:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-01 18:05 - 2009-07-13 23:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-01 18:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-01 18:00 - 2015-08-16 14:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 17:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 14:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-01 08:15 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-12-01 08:01 - 2015-08-16 14:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 08:00 - 2015-08-16 14:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 07:47 - 2015-08-16 14:30 - 00109296 _____ C:\Users\Lou\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-01 07:47 - 2009-07-13 23:45 - 00415096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\ProgramData\Panda Security
2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-01 07:26 - 2015-08-16 21:00 - 00000000 ____D C:\Users\Lou\AppData\Roaming\Panda Security
2015-11-30 22:30 - 2015-08-16 16:47 - 00000000 ____D C:\Users\Lou
2015-11-30 19:24 - 2015-08-16 14:26 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-30 19:22 - 2012-06-28 18:39 - 00000000 ____D C:\AMD
2015-11-30 18:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-30 18:36 - 2015-08-19 22:09 - 00000000 ____D C:\ProgramData\ProductData
2015-11-30 18:07 - 2015-08-14 21:14 - 00000000 ___HD C:\$SysReset
2015-11-30 18:07 - 2015-08-02 14:20 - 00000000 ____D C:\81e9708521e86f94a234
2015-11-30 18:07 - 2011-07-16 11:27 - 00000000 ____D C:\4b318d7c3ab90976e725c758
2015-11-28 12:12 - 2015-08-19 21:46 - 00000000 ____D C:\Program Files\CARCare
2015-11-28 11:57 - 2012-12-28 21:56 - 00000000 ____D C:\Users\Lou\Documents\Quicken
2015-11-28 11:33 - 2009-07-13 21:34 - 00000503 _____ C:\Windows\win.ini
2015-11-28 10:37 - 2015-09-07 13:50 - 00098756 _____ C:\Users\Lou\Documents\Port_#0005 Hub_#0004
2015-11-27 18:38 - 2015-08-16 14:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 18:28 - 2015-08-16 17:19 - 00000000 ____D C:\Windows\Panther
2015-11-22 12:47 - 2015-08-16 22:21 - 00000000 ____D C:\Windows\system32\MRT
2015-11-22 12:44 - 2015-08-16 22:21 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-22 12:44 - 2015-08-16 20:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-22 12:32 - 2015-08-16 20:54 - 00777980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-22 12:30 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-21 17:23 - 2015-08-16 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 17:23 - 2015-08-16 21:25 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 17:23 - 2015-08-16 21:25 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 17:17 - 2015-08-29 16:54 - 00000000 ____D C:\Users\Lou\.oracle_jre_usage
2015-11-21 17:17 - 2015-08-16 21:26 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-15 13:26 - 2014-08-05 18:07 - 02978520 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2015-11-15 13:26 - 2014-08-05 18:07 - 00020184 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2015-11-15 13:26 - 2014-05-12 23:12 - 00008099 _____ C:\Windows\system32\rtlCoInst.dat
2015-11-15 12:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-11-15 12:41 - 2015-08-24 17:55 - 00000000 ____D C:\Program Files (x86)\Canon
2015-11-15 12:27 - 2008-09-12 19:40 - 00000000 ____D C:\Users\Lou\Desktop\Maintenance
2015-11-14 21:37 - 2015-09-09 17:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-14 21:32 - 2015-09-09 17:39 - 00000000 ____D C:\Users\Lou\AppData\Local\Plex Media Server
2015-11-14 21:06 - 2015-08-08 12:12 - 00000000 ____D C:\temp
2015-11-14 11:15 - 2015-08-16 14:35 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-14 10:36 - 2015-08-31 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
==================== Files in the root of some directories =======
2015-11-30 18:07 - 2015-11-30 18:07 - 0000480 ____H () C:\Users\Lou\AppData\Roaming\½ž’“Ó™œ‰
2015-11-30 22:17 - 2015-11-30 22:17 - 0156399 _____ () C:\Users\Lou\AppData\Local\ars.cache
2015-11-30 22:18 - 2015-11-30 22:18 - 0381396 _____ () C:\Users\Lou\AppData\Local\census.cache
2015-11-30 22:00 - 2015-11-30 22:00 - 0000036 _____ () C:\Users\Lou\AppData\Local\housecall.guid.cache
2015-11-30 18:39 - 2015-12-01 17:33 - 0000000 ____H () C:\ProgramData\@system.temp
2015-11-30 18:07 - 2015-12-01 15:38 - 0000640 ____H () C:\ProgramData\@system3.att
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-01 14:39
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Lou (2015-12-01 18:06:47)
Running from C:\Users\Lou\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-08-16 21:47:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3388803297-3879758489-340360114-500 - Administrator - Disabled)
Guest (S-1-5-21-3388803297-3879758489-340360114-501 - Limited - Enabled)
Lou (S-1-5-21-3388803297-3879758489-340360114-1000 - Administrator - Enabled) => C:\Users\Lou
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Card Icon Program 1.7.0.0 (HKLM-x32\...\Card Icon Program_is1) (Version: - )
ccc-core-static (x32 Version: 2010.1125.2142.38865 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Metzcal 2.5.0 (HKLM-x32\...\Metzcal 2.5.0) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{24f6f734-f790-479b-bd0f-38409a456508}) (Version: 0.9.1219 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1219 - Plex, Inc.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Registry Help Free (HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\Registry Help Free) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
ResScan (HKLM-x32\...\{105A1073-76D9-4FDB-BEE0-7979D8C034EF}) (Version: 5.4.1 - ResMed Ltd)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Super-Charger (HKLM-x32\...\Super-Charger_is1) (Version: - MSI CO.,LTD.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
22-11-2015 19:00:18 Windows Backup
28-11-2015 16:57:25 Windows Modules Installer
28-11-2015 17:23:47 Windows Modules Installer
28-11-2015 17:36:39 Windows Update
29-11-2015 03:00:22 Windows Update
29-11-2015 19:00:20 Windows Backup
30-11-2015 03:00:25 Windows Update
30-11-2015 17:54:30 Windows Backup
30-11-2015 20:35:07 Windows Backup
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04029E87-9D4B-45D5-AF0C-09301D4187D8} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {0435853C-5A18-4396-8614-3033043D8863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {16728246-D373-4641-A5A7-00643074F654} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {601E8ED1-53B8-41A0-85B8-EE59B247B654} - System32\Tasks\ASC8_SkipUac_Lou => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {7E0DF8AC-BB74-47B2-8AC8-762AE2A25E68} - System32\Tasks\Uninstaller_SkipUac_Lou => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {82EF0E4D-A29A-4AF1-9506-2B9EA45B492E} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {C8560D2D-10AC-4B0F-8B47-75F375B196E6} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {C91B16EB-548E-4DF3-9A3C-D651B5995000} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {F504DAFA-C9E9-492F-B072-87DDCC859FCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {F7AAA285-E563-418A-B73D-FBE181191639} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-16 21:45 - 2015-08-16 21:45 - 07373824 _____ () C:\Program Files (x86)\CardIcon\iconcs2268301.exe
2015-08-16 14:31 - 2015-08-16 21:45 - 00073728 _____ () C:\Windows\SysWOW64\afasrv64.exe
2015-11-14 10:36 - 2015-10-27 14:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2015-08-31 18:31 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2015-08-20 09:17 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-08-19 22:09 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-08-19 22:09 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-08-19 22:09 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:BB5B0476
AlternateDataStreams: C:\Users\Lou\Local Settings:init
AlternateDataStreams: C:\Users\Lou\AppData\Local:init
AlternateDataStreams: C:\Users\Lou\AppData\Local\Application Data:init
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3388803297-3879758489-340360114-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3AE90507-F210-4EB1-A75C-E6C380B16BD3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0F339F85-7794-4C5F-AA63-F2C806B69F96}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2B17BE19-888F-40A3-8E5E-3A0A9F91BC12}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{54FB2E3D-C329-4A0F-A0F6-1D8494664C3B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
==================== Faulty Device Manager Devices =============
Name: AMD Radeon HD 6800 Series
Description: AMD Radeon HD 6800 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/01/2015 05:57:04 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lou-PC)
Description: Application: Kaspersky Anti-Virus -- Error 29000. You must close Kaspersky Anti-Virus before proceeding with the installation.
Error: (12/01/2015 05:53:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (12/01/2015 05:53:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (12/01/2015 05:48:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: Lou-PC)
Description: Application: Kaspersky Anti-Virus -- Error 29000. You must close Kaspersky Anti-Virus before proceeding with the installation.
Error: (12/01/2015 05:28:18 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
Error: (12/01/2015 05:28:17 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (12/01/2015 07:45:58 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
Error: (12/01/2015 07:45:57 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (11/30/2015 10:22:36 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (11/30/2015 10:22:36 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (12/01/2015 06:00:09 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (12/01/2015 05:59:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Security Scan Service service failed to start due to the following error:
%%3
Error: (12/01/2015 05:59:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (12/01/2015 05:59:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/01/2015 05:55:35 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (12/01/2015 05:55:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Security Scan Service service failed to start due to the following error:
%%3
Error: (12/01/2015 05:55:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (12/01/2015 05:54:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/01/2015 05:37:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5
Error: (12/01/2015 05:29:45 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
CodeIntegrity:
===================================
Date: 2015-12-01 10:17:08.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.521
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:08.326
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:07.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23002_none_b60448e9e1de6bca\appid.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 10:17:07.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23002_none_b60448e9e1de6bca\appid.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
Percentage of memory in use: 55%
Total physical RAM: 8150.38 MB
Available physical RAM: 3611.41 MB
Total Virtual: 16298.96 MB
Available Virtual: 11497.54 MB
==================== Drives ================================
Drive c: (Main Drive ) (Fixed) (Total:931.5 GB) (Free:603.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive l: (Backup of Maxtor) (Fixed) (Total:596.16 GB) (Free:427.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 661BBF3B)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: EFE7EFE7)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================