Please help me figure out what is wrong.


7 replies to this topic

#1 cook2465

Posted 21 April 2016 - 05:02 PM

Per BC Advisor, I am posting this new topic:
 
I'm having a lot of issues. I cannot sign into my user account, and after approx. 10 min it did sign me in, but a message popped up in a small window over a completely black screen stating that the tablet driver was not working. Everything I attempted to do took forever because the computer is so incredibly slow and 'laggy'. I switched to my admin account and I'm having the same error message and issues. When I hit Ctrl-Alt-Del to get to Task Manager, a Windows 10 screen shows up with the dots that circle around and it says something about preparing security options. It only did it once on both my user account and admin; now it goes straight to Task Manager. I don't know if this is significant, but it is something I have not seen before. I'm typing this on my phone because even typing takes several minutes! I'm concerned. When I go online, Firefox continuously says it is not responding any time I type or click on anything! I'm currently trying to download my documents to my external hard drive just in case. When I signed off my user account and was only logged into my admin, everything sped up. I am not sure why I'm having these issues with my account; although in my former thread it was stated that my computer was clean, it was he that suggested to move a bit deeper.
 
Here is my former thread with all the requested scans and logs:  http://www.bleepingcomputer.com/forums/t/611104/please-help-i-suspect-that-i-may-be-infected/page-2
 
I also noticed under my user account a couple of files that I have NO idea what they are.
 
.oracle_jre_usage   created (or date modified)  4/20/16
.ghost-ntfs-3g-00000000000000000013   created (or date modified):  6/16/15
NTUSER.DAT    created (or date modified) 4/20/16
 
There may be more lurking somewhere else, but this showed up in my user account list: This PC, Local Disk (C), Users, Mary
 
Since the last post before BC Advisor's last response, I went into my add/remove programs and deleted a bunch of Steam games and other things that took a LOT of space. I no longer let my kids use this since I use it for work from my home. I also was prompted by Avast after some of the programs were removed to Optimize, etc., which it did. Since then I've followed the instructions that BC Adv suggested. Attached below are the two logs from FARBAR recovery scan. Thank you so much for your further help! Mary


FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Cook (administrator) on COOK-PC (21-04-2016 17:24:35)
Running from C:\Users\Cook\Downloads
Loaded Profiles: Cook (Available Profiles: Cook & Mary & Kids & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-24] (VIA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-15] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\Run: [BingSvc] => C:\Users\Cook\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-23] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-15] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-04-17]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-10-06]
ShortcutTarget: Curse.lnk -> C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-08-10]
ShortcutTarget: Curse.lnk -> C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-06-17]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4ef9a957-96d4-4e9a-a471-bbcc4727bb65}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c03b95c9-efb3-4b09-802d-3d7e9b7f4bf6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
SearchScopes: HKU\S-1-5-21-2872030397-1439194393-2635324163-1000 -> {75D843BE-2636-401A-9E00-6E33A46BB610} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-17] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-17] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\9v23ehym.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.bing.com/
hxxps://www.registrationconnection.com/user/index.cfm?r123%5Fdomain=grand
hxxps://www.google.com/calendar/render#main_7
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2FDF&PC=SK2F&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Extension: WOT - C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\9v23ehym.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-17]
FF Extension: Bing Search - C:\Users\Cook\AppData\Roaming\Mozilla\Firefox\Profiles\9v23ehym.default\Extensions\bingsearch.full@microsoft.com [2016-04-15] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-15]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-15] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-04-15] (AVAST Software)
S2 HFGService; C:\Windows\System32\HFGService.dll [535552 2009-12-21] (CSR, plc) [File not signed]
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-15] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-15] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-04-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-15] (AVAST Software)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [52224 2009-12-21] (CSR, plc) [File not signed]
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) [File not signed]
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (CSR, plc) [File not signed]
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U4 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 17:24 - 2016-04-21 17:25 - 00014319 _____ C:\Users\Cook\Downloads\FRST.txt
2016-04-21 17:15 - 2016-04-21 17:24 - 00000000 ____D C:\FRST
2016-04-21 17:14 - 2016-04-21 17:15 - 02375680 _____ (Farbar) C:\Users\Cook\Downloads\FRST64.exe
2016-04-21 16:29 - 2016-04-21 16:29 - 00000000 ____D C:\Users\Cook\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2016-04-21 16:26 - 2016-04-21 16:26 - 00016148 _____ C:\WINDOWS\system32\COOK-PC_Cook_HistoryPrediction.bin
2016-04-20 21:28 - 2016-04-21 16:29 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{03A1AFC7-0512-4C94-AEDD-19F3897B64A1}
2016-04-20 20:58 - 2016-04-20 20:58 - 00016148 _____ C:\WINDOWS\system32\COOK-PC_Mary_HistoryPrediction.bin
2016-04-17 01:42 - 2016-04-17 01:43 - 31414688 _____ (TeamSpeak Systems GmbH) C:\Users\Cook\Downloads\TeamSpeak3-Client-win64-3.0.19.exe
2016-04-17 01:24 - 2016-04-20 21:34 - 00000000 ____D C:\Users\Cook\AppData\Roaming\Opera Software
2016-04-17 01:24 - 2016-04-20 21:34 - 00000000 ____D C:\Users\Cook\AppData\Local\Opera Software
2016-04-17 01:23 - 2016-04-20 21:34 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-17 01:22 - 2016-04-17 01:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-04-17 01:22 - 2016-04-17 01:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-04-17 01:21 - 2016-04-17 01:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2016-04-17 01:21 - 2016-04-17 01:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2016-04-17 01:21 - 2016-04-17 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-17 01:21 - 2016-04-17 01:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-17 01:20 - 2016-04-17 01:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-04-17 01:20 - 2016-04-17 01:20 - 00000000 ____D C:\Users\Default\AppData\Local\Apple
2016-04-17 01:20 - 2016-04-17 01:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple
2016-04-17 01:20 - 2016-04-17 01:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-17 01:17 - 2016-04-17 01:31 - 00000000 ____D C:\Users\Mary\Desktop\Weekly housekeeping and cleaning tools
2016-04-17 01:14 - 2016-04-17 01:15 - 01610352 _____ (Malwarebytes) C:\Users\Cook\Downloads\JRT.exe
2016-04-17 01:14 - 2016-04-17 01:14 - 00000000 ____D C:\AdwCleaner
2016-04-17 01:13 - 2016-04-17 01:14 - 03677760 _____ C:\Users\Cook\Downloads\adwcleaner_5.111.exe
2016-04-17 01:13 - 2016-04-17 01:14 - 00448512 _____ (OldTimer Tools) C:\Users\Cook\Downloads\TFC.exe
2016-04-17 01:11 - 2016-04-17 01:11 - 04002104 _____ (Secunia) C:\Users\Cook\Downloads\PSISetup.exe
2016-04-17 01:11 - 2016-04-17 01:11 - 00001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-04-17 01:11 - 2016-04-17 01:11 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-04-17 01:04 - 2016-04-17 01:04 - 00003638 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-17 01:03 - 2016-04-17 01:04 - 00001150 _____ C:\DelFix.txt
2016-04-17 01:03 - 2016-04-17 01:03 - 00000000 ____D C:\WINDOWS\ERUNT
2016-04-17 01:01 - 2016-04-17 01:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-17 01:01 - 2016-04-17 01:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-17 00:59 - 2016-04-17 00:59 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-17 00:59 - 2016-04-17 00:59 - 00000000 ____D C:\Program Files\Java
2016-04-17 00:54 - 2016-04-17 00:59 - 57594432 _____ (Oracle Corporation) C:\Users\Cook\Downloads\jre-8u77-windows-x64.exe
2016-04-17 00:54 - 2016-04-17 00:55 - 50796608 _____ (Oracle Corporation) C:\Users\Cook\Downloads\jre-8u77-windows-i586.exe
2016-04-15 22:51 - 2016-04-15 22:51 - 00000000 ____D C:\ProgramData\Sophos
2016-04-15 22:49 - 2016-04-15 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-15 22:49 - 2016-04-15 22:49 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-04-15 22:48 - 2016-04-15 22:49 - 147408360 _____ (Sophos Limited) C:\Users\Cook\Downloads\Sophos Virus Removal Tool.exe
2016-04-15 17:06 - 2016-04-15 17:06 - 00000000 ____D C:\Users\Cook\AppData\LocalLow\Adobe
2016-04-15 16:49 - 2016-04-15 16:46 - 00109380 ___RT C:\Users\Cook\Documents\STEE-GPSC-Wood Plant Map
2016-04-15 16:35 - 2016-04-15 16:35 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-04-15 16:35 - 2016-04-15 16:35 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-04-15 16:25 - 2016-04-15 16:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Cook\Downloads\iExplore.exe
2016-04-15 09:26 - 2016-04-15 16:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-15 09:25 - 2016-04-15 09:25 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Cook\Downloads\mbar-1.09.3.1001.exe
2016-04-15 08:44 - 2016-04-15 09:25 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-15 08:44 - 2016-04-15 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-15 08:44 - 2016-04-15 08:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-15 08:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-15 08:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-15 08:43 - 2016-04-15 08:44 - 22851472 _____ (Malwarebytes ) C:\Users\Cook\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-15 08:41 - 2016-04-15 08:41 - 00027385 _____ C:\Users\Cook\Downloads\MTB.txt
2016-04-12 22:22 - 2016-03-29 02:40 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 22:22 - 2016-03-29 02:40 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 22:22 - 2016-03-25 03:38 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 22:22 - 2016-03-25 03:25 - 12505600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 22:22 - 2016-03-25 03:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 22:22 - 2016-03-25 03:13 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 22:22 - 2016-03-25 02:55 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 22:22 - 2016-03-25 02:54 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 22:22 - 2016-03-16 00:56 - 03467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-04-12 22:22 - 2016-03-16 00:56 - 01022664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 22:22 - 2016-03-16 00:56 - 00861512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 22:22 - 2016-03-16 00:55 - 02495768 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 22:22 - 2016-03-16 00:55 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-12 22:22 - 2016-03-16 00:55 - 01299032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 22:22 - 2016-03-16 00:55 - 01127024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 22:22 - 2016-03-16 00:55 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 22:22 - 2016-03-16 00:54 - 00595016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 22:22 - 2016-03-16 00:47 - 22610328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-12 22:22 - 2016-03-16 00:47 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-12 22:22 - 2016-03-16 00:47 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-04-12 22:22 - 2016-03-16 00:46 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-04-12 22:22 - 2016-03-16 00:45 - 00140536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-04-12 22:22 - 2016-03-16 00:41 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 22:22 - 2016-03-16 00:41 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-12 22:22 - 2016-03-16 00:39 - 00983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 22:22 - 2016-03-16 00:37 - 01010016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 22:22 - 2016-03-16 00:21 - 01767000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 22:22 - 2016-03-16 00:21 - 01531888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-12 22:22 - 2016-03-16 00:11 - 21088728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-12 22:22 - 2016-03-16 00:11 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-12 22:22 - 2016-03-16 00:11 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-04-12 22:22 - 2016-03-16 00:08 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-04-12 22:22 - 2016-03-16 00:06 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-12 22:22 - 2016-03-16 00:05 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 22:22 - 2016-03-16 00:03 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 22:22 - 2016-03-16 00:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 22:22 - 2016-03-16 00:00 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 22:22 - 2016-03-15 23:56 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-04-12 22:22 - 2016-03-15 23:56 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2016-04-12 22:22 - 2016-03-15 23:55 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-04-12 22:22 - 2016-03-15 23:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-04-12 22:22 - 2016-03-15 23:55 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-04-12 22:22 - 2016-03-15 23:55 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-04-12 22:22 - 2016-03-15 23:51 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-04-12 22:22 - 2016-03-15 23:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-04-12 22:22 - 2016-03-15 23:49 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 22:22 - 2016-03-15 23:49 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 22:22 - 2016-03-15 23:47 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-04-12 22:22 - 2016-03-15 23:47 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-04-12 22:22 - 2016-03-15 23:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-04-12 22:22 - 2016-03-15 23:46 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-04-12 22:22 - 2016-03-15 23:44 - 01016832 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 22:22 - 2016-03-15 23:43 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-04-12 22:22 - 2016-03-15 23:43 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 22:22 - 2016-03-15 23:42 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 22:22 - 2016-03-15 23:42 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 22:22 - 2016-03-15 23:42 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-04-12 22:22 - 2016-03-15 23:41 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-04-12 22:22 - 2016-03-15 23:40 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 22:22 - 2016-03-15 23:39 - 03363328 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 22:22 - 2016-03-15 23:39 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-04-12 22:22 - 2016-03-15 23:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 22:22 - 2016-03-15 23:38 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-04-12 22:22 - 2016-03-15 23:37 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-04-12 22:22 - 2016-03-15 23:37 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-04-12 22:22 - 2016-03-15 23:37 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-04-12 22:22 - 2016-03-15 23:37 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-04-12 22:22 - 2016-03-15 23:37 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-04-12 22:22 - 2016-03-15 23:37 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-04-12 22:22 - 2016-03-15 23:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-04-12 22:22 - 2016-03-15 23:35 - 01794560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 22:22 - 2016-03-15 23:35 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2016-04-12 22:22 - 2016-03-15 23:35 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-04-12 22:22 - 2016-03-15 23:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-04-12 22:22 - 2016-03-15 23:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-04-12 22:22 - 2016-03-15 23:34 - 01871872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 22:22 - 2016-03-15 23:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 22:22 - 2016-03-15 23:32 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 22:22 - 2016-03-15 23:31 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-04-12 22:22 - 2016-03-15 23:31 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-04-12 22:22 - 2016-03-15 23:31 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-04-12 22:22 - 2016-03-15 23:28 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-04-12 22:22 - 2016-03-15 23:27 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 22:22 - 2016-03-15 23:24 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-04-12 22:22 - 2016-03-15 23:24 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-04-12 22:22 - 2016-03-15 23:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-04-12 22:22 - 2016-03-15 23:21 - 18796544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 22:22 - 2016-03-15 23:20 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 22:22 - 2016-03-15 23:18 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 22:22 - 2016-03-15 23:18 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-04-12 22:22 - 2016-03-15 23:17 - 03680256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 22:22 - 2016-03-15 23:17 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-04-12 22:22 - 2016-03-15 23:17 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2016-04-12 22:22 - 2016-03-15 23:17 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-04-12 22:22 - 2016-03-15 23:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-04-12 22:22 - 2016-03-15 23:17 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 22:22 - 2016-03-15 23:16 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-04-12 22:22 - 2016-03-15 23:14 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-04-12 22:22 - 2016-03-15 23:14 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-04-12 22:22 - 2016-03-15 23:14 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-04-12 22:22 - 2016-03-15 23:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-04-12 22:22 - 2016-03-15 23:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-04-12 22:22 - 2016-03-15 23:11 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 22:22 - 2016-03-15 23:10 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-03-30 17:27 - 2016-03-30 17:27 - 00000000 ____D C:\Users\Cook\AppData\Local\PeerDistRepub
2016-03-30 16:35 - 2016-03-30 16:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\69EB23C1.sys
2016-03-23 20:00 - 2016-02-23 10:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-23 20:00 - 2016-02-23 10:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-23 20:00 - 2016-02-23 10:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-23 20:00 - 2016-02-23 10:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-23 20:00 - 2016-02-23 10:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-23 20:00 - 2016-02-23 10:43 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-23 20:00 - 2016-02-23 10:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-23 20:00 - 2016-02-23 10:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-23 20:00 - 2016-02-23 10:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-23 20:00 - 2016-02-23 10:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-23 20:00 - 2016-02-23 10:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-23 20:00 - 2016-02-23 10:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-23 20:00 - 2016-02-23 10:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-23 20:00 - 2016-02-23 10:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-23 20:00 - 2016-02-23 10:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-23 20:00 - 2016-02-23 09:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-23 20:00 - 2016-02-23 09:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-23 20:00 - 2016-02-23 09:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-23 20:00 - 2016-02-23 09:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-23 20:00 - 2016-02-23 09:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-23 20:00 - 2016-02-23 09:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-23 20:00 - 2016-02-23 09:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-23 20:00 - 2016-02-23 09:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-23 20:00 - 2016-02-23 09:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-23 20:00 - 2016-02-23 09:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-23 20:00 - 2016-02-23 08:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-23 20:00 - 2016-02-23 08:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-23 20:00 - 2016-02-23 08:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-23 20:00 - 2016-02-23 08:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-23 20:00 - 2016-02-23 08:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-23 20:00 - 2016-02-23 08:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-23 20:00 - 2016-02-23 08:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-23 20:00 - 2016-02-23 08:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-23 20:00 - 2016-02-23 08:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-23 20:00 - 2016-02-23 07:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-23 20:00 - 2016-02-23 07:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-23 20:00 - 2016-02-23 07:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-23 20:00 - 2016-02-23 07:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-23 20:00 - 2016-02-23 07:45 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-03-23 20:00 - 2016-02-23 07:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-23 20:00 - 2016-02-23 07:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-23 20:00 - 2016-02-23 07:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-23 20:00 - 2016-02-23 07:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-23 20:00 - 2016-02-23 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-23 20:00 - 2016-02-23 07:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-23 20:00 - 2016-02-23 07:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-23 20:00 - 2016-02-23 07:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-23 20:00 - 2016-02-23 07:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-23 20:00 - 2016-02-23 07:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-23 20:00 - 2016-02-23 07:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-23 20:00 - 2016-02-23 07:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-23 20:00 - 2016-02-23 07:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-23 20:00 - 2016-02-23 06:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-23 20:00 - 2016-02-23 06:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-23 20:00 - 2016-02-23 06:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-23 20:00 - 2016-02-23 06:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-23 20:00 - 2016-02-23 06:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-23 20:00 - 2016-02-23 06:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-23 20:00 - 2016-02-23 06:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-23 20:00 - 2016-02-23 06:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-23 20:00 - 2016-02-23 06:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-23 20:00 - 2016-02-23 06:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-23 20:00 - 2016-02-23 06:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-23 20:00 - 2016-02-23 06:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-23 20:00 - 2016-02-23 06:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-23 20:00 - 2016-02-23 06:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-23 20:00 - 2016-02-23 06:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-22 20:55 - 2016-04-15 16:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 17:04 - 2015-04-13 21:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-21 16:39 - 2015-08-21 22:20 - 00000000 ____D C:\Users\Mary
2016-04-21 16:28 - 2015-07-10 07:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-21 16:26 - 2015-08-21 22:20 - 00000000 ____D C:\Users\Cook
2016-04-21 16:25 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 16:23 - 2015-07-10 05:05 - 09175040 ___SH C:\WINDOWS\system32\config\BBI
2016-04-20 21:32 - 2015-04-16 09:28 - 00000000 ____D C:\Users\Cook\AppData\Local\Google
2016-04-20 21:32 - 2015-04-16 09:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-20 21:29 - 2015-04-13 18:38 - 00000000 ____D C:\Users\Cook\AppData\Local\Popcorn Time Offical
2016-04-20 21:28 - 2015-05-16 18:11 - 00000000 ____D C:\ProgramData\Skype
2016-04-20 21:21 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-20 21:13 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-20 20:20 - 2015-07-10 07:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-20 20:15 - 2015-05-19 08:44 - 00000000 ____D C:\Users\Cook\AppData\Roaming\Skype
2016-04-20 19:19 - 2015-09-15 08:30 - 00000000 ____D C:\Users\Mary\.oracle_jre_usage
2016-04-20 19:14 - 2015-04-10 16:16 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-17 01:22 - 2015-04-17 14:27 - 00000000 ____D C:\ProgramData\Adobe
2016-04-17 01:20 - 2015-04-26 20:12 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-17 01:02 - 2015-04-13 21:49 - 00000000 ____D C:\Users\Cook\AppData\Local\Adobe
2016-04-17 01:01 - 2015-04-17 22:18 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-04-17 00:59 - 2015-09-15 08:29 - 00000000 ____D C:\Users\Cook\.oracle_jre_usage
2016-04-17 00:59 - 2015-04-15 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-17 00:57 - 2015-04-15 16:51 - 00000000 ____D C:\ProgramData\Oracle
2016-04-17 00:57 - 2015-04-15 16:51 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-17 00:56 - 2015-04-15 16:51 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-15 17:06 - 2015-04-09 20:35 - 00000000 ____D C:\Users\Cook\AppData\Roaming\Adobe
2016-04-15 16:38 - 2015-12-18 11:02 - 00003162 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1450450969
2016-04-15 16:38 - 2015-12-18 11:02 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-15 16:37 - 2015-04-09 17:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-15 16:36 - 2015-04-10 16:16 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-04-15 16:35 - 2016-02-20 01:11 - 00536312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-04-15 16:35 - 2015-04-10 16:16 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-04-15 16:29 - 2015-09-14 18:56 - 00000000 ____D C:\Users\Cook\AppData\Local\Packages
2016-04-15 10:39 - 2015-08-22 02:07 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-15 10:34 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-15 09:26 - 2015-04-13 17:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 19:31 - 2015-11-12 16:37 - 00000000 ____D C:\Users\Cook\AppData\Local\MicrosoftEdge
2016-04-13 19:14 - 2015-08-22 08:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-13 03:54 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2016-04-13 03:31 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-13 00:11 - 2015-04-09 18:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 23:49 - 2015-04-09 18:57 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 23:47 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 23:23 - 2015-08-22 08:50 - 00000000 ____D C:\Users\Mary\AppData\Local\Packages
2016-04-12 03:44 - 2015-08-21 22:19 - 00006812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-12 03:33 - 2015-09-19 13:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-12 03:17 - 2015-09-16 18:02 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B0BBAFA2-F485-4955-8057-46F4F7BE27B2}
2016-04-10 22:22 - 2015-08-22 08:55 - 00000000 ___RD C:\Users\Mary\OneDrive
2016-04-06 14:32 - 2015-07-10 07:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:32 - 2015-07-10 07:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-05 15:36 - 2015-04-10 17:20 - 00091736 _____ C:\Users\Mary\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-01 07:54 - 2015-07-10 08:20 - 00344544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-01 07:50 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-01 07:50 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-01 07:50 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-01 07:50 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-30 17:27 - 2015-04-11 12:21 - 00000000 ____D C:\Users\Cook\AppData\Local\ElevatedDiagnostics
2016-03-30 16:37 - 2015-08-11 14:41 - 00000000 ____D C:\Program Files\Nitro
2016-03-30 16:37 - 2015-08-11 14:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-30 16:36 - 2015-09-14 18:59 - 00002401 _____ C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-30 16:36 - 2015-09-14 18:59 - 00000000 ___RD C:\Users\Cook\OneDrive

==================== Files in the root of some directories =======

2015-04-10 15:53 - 2015-04-10 15:53 - 0038425 _____ () C:\Users\Cook\AppData\Roaming\Comma Separated Values (DOS).ADR

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 17:02

==================== End of FRST.txt ============================

Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Cook (2016-04-21 17:25:33)
Running from C:\Users\Cook\Downloads
Windows 10 Pro (X64) (2015-08-22 02:49:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2872030397-1439194393-2635324163-500 - Administrator - Disabled)
Cook (S-1-5-21-2872030397-1439194393-2635324163-1000 - Administrator - Enabled) => C:\Users\Cook
DefaultAccount (S-1-5-21-2872030397-1439194393-2635324163-503 - Limited - Disabled)
Guest (S-1-5-21-2872030397-1439194393-2635324163-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2872030397-1439194393-2635324163-1002 - Limited - Enabled)
Kids (S-1-5-21-2872030397-1439194393-2635324163-1004 - Limited - Enabled) => C:\Users\Kids
Mary (S-1-5-21-2872030397-1439194393-2635324163-1003 - Limited - Enabled) => C:\Users\Mary

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Crown Money Map™ Financial Software 2007 (HKLM-x32\...\Crown Money Map™ Financial Software 2007) (Version:  - Drake Software)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
System Requirements Lab Detection (HKLM-x32\...\{78C39572-24F1-45FF-996A-04E1740CE78F}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
YNAB 4 version 4.3.729 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.729 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2872030397-1439194393-2635324163-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Cook\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D907FEA-BDBC-49FA-87E7-91D3D4E0F47C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2C62A076-70D8-4BEB-A67F-9D131991C8FC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3042E2C6-3465-4A65-B8C5-8CCB4998FB6F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {3C3B470C-D51F-4B98-A161-13449750F698} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4C56030D-A7E1-489D-8EA3-3F9DBA0A4D3C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {4CCA41E1-2F4C-4345-80DC-1DD0283B5944} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {50C50289-E515-4C57-BCD1-EDEBF15D5925} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {528E2963-3BAC-41B0-A4E8-AD5682999BE4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {56408CFD-1C27-44A8-976E-AEE9107CD061} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5E193111-08BB-44A1-BDC6-ADA3D85AB3B2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6523A827-5D84-4908-B671-587ECB4DBFE5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-15] (AVAST Software)
Task: {6646C0AD-9525-445F-96F4-6AAA172B5AC0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7134D36C-8C6D-4AC0-A01A-6DA680DEEA39} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {76389662-9FC7-4259-85FE-53E530DF28BF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {7841C141-0E1E-41B5-A539-CCB49448071B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A665F23-FFBC-4FF9-944D-8E7C73CA3FFE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {852015AD-75E2-4000-9FC2-61B23618C076} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8520DAFF-D048-4645-98A0-39CAFF731129} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {8655FEE3-A476-4CC9-A3EB-802C540914C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9199850D-60F5-4929-A1E2-4D243334D166} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {98CA7E31-7195-4E1D-A6ED-3B104B71565F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {992B74B4-FA6E-4C4F-9FCC-DABB34709F0B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {9A372785-8E69-4062-B06A-C1D054CC8E3A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9BBE909B-19DF-4FC8-BB29-1EFD85F19264} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F276E4A-EEBE-41A6-B12E-F0D8C0F06B22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F791DB4-02F6-4E13-90EB-738105ECC7CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9FCC0E62-50AE-4CD6-8BE6-FEEA4E88197C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {BE83BA34-AFBA-4037-9D0B-15B9B35E9C1D} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {BF012AAE-B6CF-4DEA-8BEF-81F66A142276} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {BF03E5FF-F303-4F3C-A58A-53FF93BE5CB6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C8B46DFA-F2AD-48F9-9BA2-45B1244DE0CD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C9AB971D-3679-41CF-AC40-57743ABEA203} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {CD71C6EF-3B42-485E-BF9C-556F083316E7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {CE25A0A2-854B-482F-A0B1-A57EA7E731AB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CF46B936-5EE2-4BF6-9DED-34F95048DAA1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D1CB8F42-2DAB-450E-8605-7ADA7410BBE6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D73B0269-B1DD-4D0A-A4E3-BF9493B2E695} - System32\Tasks\SafeZone scheduled Autoupdate 1450450969 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {DBD5BA47-2C6D-40A5-B07F-B4C9035717EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {DEFFA7CD-21F8-4B05-8860-72FA09FC2C36} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E48F9718-D09D-43BA-AAAC-EF5BEDDEE31C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {E801F6C0-4943-437A-B7AC-09C646506D3A} - \gameo_update -> No File <==== ATTENTION
Task: {F1A8216C-7235-4948-B387-D0CFDCF88662} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8EA7753-0FA9-48B8-A094-9091AA54B7A9} - System32\Tasks\Opera scheduled Autoupdate 1442177151 => C:\Users\Kids\AppData\Local\Programs\Opera\launcher.exe [2016-02-22] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-22 02:02 - 2015-08-22 02:02 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-22 11:10 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-12 22:22 - 2016-03-16 00:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 22:22 - 2016-03-16 00:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 19:56 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-10 18:47 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-10 18:47 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-10 18:47 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 19:57 - 2015-09-17 01:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-04-15 16:35 - 2016-04-15 16:35 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-15 16:35 - 2016-04-15 16:35 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-21 15:30 - 2016-04-21 15:30 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042103\algo.dll
2016-04-15 16:35 - 2016-04-15 16:35 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-17 20:47 - 2015-12-17 20:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\sharepoint.com -> hxxps://netorg578689.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{935BBC70-845F-4BE2-9BA6-436DD0FD49F5}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{9E4FE162-B2A6-48C9-915F-78744B9F9258}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{2C966FC1-9862-4DCA-A7C4-EBC6F004B338}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{8EF2A991-553B-4C66-BDBE-5F2F33EA3E76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6D3C01C4-5045-4CBB-B0FE-6F4C1B361448}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CCBC8AEA-38E8-4CA8-83EC-E06970372483}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F6C23897-7950-419E-B2ED-B556157F635A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA8145BF-E8DC-4A11-BFBC-A22547E0EFD0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71B92FBC-9844-4B32-A17F-864B7304C976}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3703EF0-5D60-416C-96F1-D5E25649BC66}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{944C4342-C98D-4D53-B1A8-C99389C1EF66}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F8F02A9A-7E8C-47A6-A758-3BF9C9FE977F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D19B2656-71C6-43F9-88FD-183724E61119}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{BFB7771D-EBF0-4297-9257-FFF65EC504F8}C:\users\cook\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\cook\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{F618CBFD-415D-4DDE-A9AC-A45E877B0BA2}C:\users\cook\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\cook\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [{064AAB92-94A5-45FA-B61D-FFE9E5026706}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5376FA9E-1DF6-4B7F-AFAF-F0D763DB21D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B238EE0-A0C5-4371-8938-CC9375AD79F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C4FAA95F-2DB9-4773-B3F9-5904B54CAEFF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{A84724C5-4450-4C51-871F-FE8BBA33740B}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{E160B942-5914-4F81-9E7D-41876C4B809B}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [{1E39A5D0-0CE2-4995-8334-5AA3A7373EDE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{352D04AA-6610-4819-A306-6F235837016E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B7BA2853-60EE-4A17-81C8-4964DA5AF27C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{30B3ED22-7864-4691-8EE9-96DEB3F7F126}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BC90C25-6257-47F8-AC22-0FF3EE55D6AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DF8AEDF-7782-43A8-8A66-B68491B34C2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F83C24B4-2802-4D4D-9BAB-A3ED89F99E44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{E9B263C4-ED2B-4AA7-BB2E-B0FDC0C9FFBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{4A10D253-8E46-4F88-A7C5-612EA6DA5011}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{22DBDF1B-362F-4122-83F3-FB66502E84D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{F6629DED-683F-4C98-885C-7AD8502566ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{3BB3C20C-7C77-4966-B792-E1A9A37656CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{0487475D-ED48-4EAF-8BF4-4702085CB41A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{4AD43D58-2214-48E6-A014-DD95B888E3C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe

==================== Restore Points =========================

20-04-2016 22:49:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2016 04:31:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Apple Mobile Device Support -- This Apple Mobile Device Support installer is intended for 32-bit versions of Windows. Please download and install the 64-bit Apple Mobile Device Support installer instead.

Error: (04/20/2016 10:49:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/20/2016 10:49:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCorePnPFiles : Enumerating driver store published INFs failed.

System Error:
The process cannot access the file because it is being used by another process.
.

Error: (04/20/2016 09:40:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/20/2016 09:38:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0x1850
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/20/2016 09:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0x1efc
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/20/2016 09:32:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0x3e4
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/20/2016 09:32:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0x2344
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/20/2016 09:29:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0x7b4
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/20/2016 09:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: SettingsHandlers_StorageSense.dll, version: 10.0.10240.16384, time stamp: 0x559f3d87
Exception code: 0xc0000005
Fault offset: 0x00000000000174b9
Faulting process id: 0x1914
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5


System errors:
=============
Error: (04/21/2016 04:30:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/21/2016 04:25:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WbioSrvc service.

Error: (04/21/2016 04:25:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Handsfree Headset Service service failed to start due to the following error:
%%1083

Error: (04/21/2016 04:25:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (04/21/2016 04:23:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 04:23:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 04:23:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 04:23:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/20/2016 10:28:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/20/2016 10:16:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2016-04-13 09:05:14.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:05:14.621
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:05:14.576
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:05:14.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:05:14.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:05:14.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:05:13.544
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:05:13.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:00:12.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-04-13 09:00:12.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 24%
Total physical RAM: 8103.94 MB
Available physical RAM: 6123.92 MB
Total Virtual: 8615.94 MB
Available Virtual: 6668.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:388.09 GB) NTFS
Drive e: (External HD) (Fixed) (Total:931.51 GB) (Free:765.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 422B6960)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 000205DD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Mod Edit:  Merged posts - Hamluis.

Edited by hamluis, 21 April 2016 - 05:16 PM.



#2 nasdaq

  • Malware Response Team

Posted 22 April 2016 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\Run: [BingSvc] => C:\Users\Cook\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-23] (© 2015 Microsoft Corporation)
ShortcutTarget: Curse.lnk -> C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
ShortcutTarget: Curse.lnk -> C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1003\User: Restriction <======= ATTENTION
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]
U3 idsvc; no ImagePath
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U4 wpcsvc; no ImagePath
Task: {1D907FEA-BDBC-49FA-87E7-91D3D4E0F47C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4CCA41E1-2F4C-4345-80DC-1DD0283B5944} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {528E2963-3BAC-41B0-A4E8-AD5682999BE4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {56408CFD-1C27-44A8-976E-AEE9107CD061} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5E193111-08BB-44A1-BDC6-ADA3D85AB3B2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6646C0AD-9525-445F-96F4-6AAA172B5AC0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {852015AD-75E2-4000-9FC2-61B23618C076} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9BBE909B-19DF-4FC8-BB29-1EFD85F19264} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F276E4A-EEBE-41A6-B12E-F0D8C0F06B22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F791DB4-02F6-4E13-90EB-738105ECC7CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E801F6C0-4943-437A-B7AC-09C646506D3A} - \gameo_update -> No File <==== ATTENTION
Task: {F1A8216C-7235-4948-B387-D0CFDCF88662} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Users\Cook\AppData\Local\Microsoft\BingSvc\BingSvc.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 cook2465

  • Topic Starter

Posted 25 April 2016 - 04:12 PM

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Cook (2016-04-25 16:59:30) Run:1
Running from C:\Users\Cook\Downloads
Loaded Profiles: Cook (Available Profiles: Cook & Mary & Kids & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\...\Run: [BingSvc] => C:\Users\Cook\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-23] (© 2015 Microsoft Corporation)
ShortcutTarget: Curse.lnk -> C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
ShortcutTarget: Curse.lnk -> C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1003\User: Restriction <======= ATTENTION
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]
U3 idsvc; no ImagePath
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U4 wpcsvc; no ImagePath
Task: {1D907FEA-BDBC-49FA-87E7-91D3D4E0F47C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4CCA41E1-2F4C-4345-80DC-1DD0283B5944} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {528E2963-3BAC-41B0-A4E8-AD5682999BE4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {56408CFD-1C27-44A8-976E-AEE9107CD061} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5E193111-08BB-44A1-BDC6-ADA3D85AB3B2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6646C0AD-9525-445F-96F4-6AAA172B5AC0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {852015AD-75E2-4000-9FC2-61B23618C076} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9BBE909B-19DF-4FC8-BB29-1EFD85F19264} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F276E4A-EEBE-41A6-B12E-F0D8C0F06B22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F791DB4-02F6-4E13-90EB-738105ECC7CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E801F6C0-4943-437A-B7AC-09C646506D3A} - \gameo_update -> No File <==== ATTENTION
Task: {F1A8216C-7235-4948-B387-D0CFDCF88662} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Users\Cook\AppData\Local\Microsoft\BingSvc\BingSvc.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2872030397-1439194393-2635324163-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe => not found.
C:\Users\Cook\AppData\Roaming\Curse Client\Bin\Curse.exe => not found.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1004\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2872030397-1439194393-2635324163-1003\User => moved successfully
"HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
idsvc => service removed successfully
WacHidRouter => service removed successfully
wacomrouterfilter => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D907FEA-BDBC-49FA-87E7-91D3D4E0F47C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D907FEA-BDBC-49FA-87E7-91D3D4E0F47C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CCA41E1-2F4C-4345-80DC-1DD0283B5944}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CCA41E1-2F4C-4345-80DC-1DD0283B5944}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{528E2963-3BAC-41B0-A4E8-AD5682999BE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{528E2963-3BAC-41B0-A4E8-AD5682999BE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56408CFD-1C27-44A8-976E-AEE9107CD061}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56408CFD-1C27-44A8-976E-AEE9107CD061}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E193111-08BB-44A1-BDC6-ADA3D85AB3B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E193111-08BB-44A1-BDC6-ADA3D85AB3B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6646C0AD-9525-445F-96F4-6AAA172B5AC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6646C0AD-9525-445F-96F4-6AAA172B5AC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{852015AD-75E2-4000-9FC2-61B23618C076}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{852015AD-75E2-4000-9FC2-61B23618C076}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BBE909B-19DF-4FC8-BB29-1EFD85F19264}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BBE909B-19DF-4FC8-BB29-1EFD85F19264}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F276E4A-EEBE-41A6-B12E-F0D8C0F06B22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F276E4A-EEBE-41A6-B12E-F0D8C0F06B22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F791DB4-02F6-4E13-90EB-738105ECC7CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F791DB4-02F6-4E13-90EB-738105ECC7CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E801F6C0-4943-437A-B7AC-09C646506D3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E801F6C0-4943-437A-B7AC-09C646506D3A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F1A8216C-7235-4948-B387-D0CFDCF88662}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1A8216C-7235-4948-B387-D0CFDCF88662}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
C:\Users\Cook\AppData\Local\Microsoft\BingSvc\BingSvc.exe => moved successfully
EmptyTemp: => 906.5 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-25 17:08:04)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 17:08:11 ====



#4 cook2465

  • Topic Starter

Posted 25 April 2016 - 04:17 PM

Since I just restarted after the fix you kindly posted, the only thing I have had time to see if it works is to attempt to sign into my user account 'Mary'. I still am not able to sign in; it stays stuck loading on the welcome screen after typing in my password. I am able to log in under my admin account 'Cook'. Thus far the admin account seems ok but the computer seems a bit slow and everyone in my household seems to be having issues with wifi dropping and reconnecting or having to manually reconnect. These are seemingly unrelated issues, but problems we are having that I thought you should know about.

 

There are apps I have on my user account that I cannot access on my admin account so working is a bit slower and not as convenient.  It was suggested on the last forum post that it is possible that my user account is corrupt and to delete it and set a new one up.  Is there a way to confirm this before I do so which takes valuable time that I just don't have at the moment?  Thank you so much for your help!!



#5 nasdaq

  • Malware Response Team

Posted 26 April 2016 - 09:06 AM

If the user account is corrupted there is no way to fix it.

A new account has to be created.

#6 cook2465

  • Topic Starter

Posted 26 April 2016 - 05:35 PM

OK, would this corrupted account be the cause of the above described problems? From what you have seen in my logs, is my computer clean? Also, when I create a new account will all my information, data, pictures, etc. remain on my computer? Is there any way to determine if the account is truly corrupted or if there is another cause? Knowing is half the battle for me, thank you!


Edited by cook2465, 26 April 2016 - 05:36 PM.


#7 nasdaq

  • Malware Response Team

Posted 27 April 2016 - 06:45 AM


After looking at your Error messages in the Addition.txt box I suggest you try to find out what is causing this problem.

Navigate to this page.
https://support.microsoft.com/en-us/kb/929135

Execute the instructions under this section of the topic.

More information
How to determine what is causing the problem by performing a clean boot
Windows 10, Windows 8.1, and Windows 8


Read the instructions carefully.
If you can, print the instructions to assist you.

Keep me posted.

#8 nasdaq

  • Malware Response Team

Posted 03 May 2016 - 07:37 AM

Are you still with me?



