Network infection that has spread to 4 different PCs


  • This topic is locked
3 replies to this topic

#1 Modzilla44


Posted 30 August 2016 - 05:43 AM

This PC was recently reformatted using the clean everything reset option. As you can see, a lot of weird stuff has happened since.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by Admin (administrator) on SPAGHETTIWAGON (30-08-2016 03:34:00)
Running from C:\Users\Guest\Downloads
Loaded Profiles: Admin & Guest (Available Profiles: Admin & ME & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-06] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\RunOnce: [{3D878E4E-475B-4C6B-BFFB-2AEBDD9F3891}] => cmd.exe /C start /D "C:\Users\Admin\AppData\Local\Temp\{3D878E4E-475B-4C6B-BFFB-2AEBDD9F3891}" /B {8EBEB23B-65E6-4424-B857-468419F63D89}.exe -accepteula -accepteulaksn -activeimages -postboot <===== ATTENTION
HKU\S-1-5-21-3393453916-3269102544-2493383506-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-3393453916-3269102544-2493383506-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{780BA673-39E8-44E1-982E-C693E3269FD0}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{780BA673-39E8-44E1-982E-C693E3269FD0}: [DhcpNameServer] 78.46.223.24 162.242.211.137
Tcpip\..\Interfaces\{9485F112-CA81-459E-B4EB-9E300909617A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6718409-5AF4-49AE-AAEE-E6F1FB2B43A5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3393453916-3269102544-2493383506-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3393453916-3269102544-2493383506-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-3393453916-3269102544-2493383506-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\S-1-5-21-3393453916-3269102544-2493383506-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {DA01F2E4-47FD-4618-BA39-19632E5C1D48} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3393453916-3269102544-2493383506-1001 -> {DA01F2E4-47FD-4618-BA39-19632E5C1D48} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3393453916-3269102544-2493383506-501 -> {DA01F2E4-47FD-4618-BA39-19632E5C1D48} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-30] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\EA6aXZzG.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-16] (Google Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\EA6aXZzG.default\Extensions\abs@avira.com [2016-08-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=&cd=&cr=&ir=
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-16]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-16]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-16]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-16]
CHR Extension: (uBlock Origin) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-16]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-16]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-16]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [26760 2016-07-14] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-07] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-16] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [219592 2014-08-13] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3488744 2014-07-22] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-16] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-17] ()
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [198248 2016-08-16] (IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-11-12] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-11-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 03:34 - 2016-08-30 03:34 - 00016520 _____ C:\Users\Guest\Downloads\FRST.txt
2016-08-30 03:33 - 2016-08-30 03:33 - 02397696 _____ (Farbar) C:\Users\Guest\Downloads\FRST64.exe
2016-08-30 02:24 - 2016-08-30 02:24 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieUserList
2016-08-30 02:21 - 2016-08-30 02:24 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieSiteList
2016-08-30 02:21 - 2016-08-30 02:21 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieUserList
2016-08-30 02:21 - 2016-08-30 02:21 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieSiteList
2016-08-29 18:16 - 2016-08-29 18:16 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-08-18 10:10 - 2016-08-30 02:15 - 00000136 _____ C:\IFRToolLog.txt
2016-08-18 10:02 - 2016-08-18 10:03 - 00490856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-18 02:30 - 2016-08-18 02:30 - 01117411 _____ C:\Users\ME\Desktop\New folder.7z
2016-08-18 02:29 - 2016-08-18 02:30 - 00000000 ____D C:\Users\ME\Desktop\New folder
2016-08-18 02:09 - 2016-08-18 02:09 - 00000000 ____D C:\Program Files (x86)\ESET
2016-08-18 02:06 - 2016-08-18 02:06 - 02870984 _____ (ESET) C:\Users\ME\Downloads\esetsmartinstaller_enu.exe
2016-08-18 02:01 - 2016-08-18 02:04 - 00020216 _____ C:\Users\ME\Desktop\Addition.txt
2016-08-18 02:00 - 2016-08-30 03:34 - 00000000 ____D C:\FRST
2016-08-18 02:00 - 2016-08-18 02:04 - 00045496 _____ C:\Users\ME\Desktop\FRST.txt
2016-08-18 02:00 - 2016-08-18 02:00 - 02394624 _____ (Farbar) C:\Users\ME\Downloads\FRST64 (2).exe
2016-08-18 02:00 - 2016-08-18 02:00 - 02394624 _____ (Farbar) C:\Users\ME\Desktop\FRST64 (1).exe
2016-08-17 22:10 - 2016-08-17 22:13 - 00021486 _____ C:\Users\ME\Downloads\MTB.txt
2016-08-17 22:10 - 2016-08-17 22:10 - 00892416 _____ (Farbar) C:\Users\ME\Downloads\MiniToolBox.exe
2016-08-17 22:01 - 2016-08-17 22:01 - 00688992 _____ (Swearware) C:\Users\ME\Downloads\dds.com
2016-08-17 21:24 - 2016-08-17 21:25 - 00007084 _____ C:\TDSSKiller.3.1.0.11_17.08.2016_21.24.56_log.txt
2016-08-17 20:20 - 2016-08-17 20:20 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-17 20:20 - 2016-08-17 20:20 - 00000000 ____D C:\Program Files\7-Zip
2016-08-17 19:40 - 2016-08-17 19:41 - 00000000 ____D C:\ProgramData\Sophos
2016-08-17 19:38 - 2016-08-17 21:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-17 19:38 - 2016-08-17 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-17 19:38 - 2016-08-17 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-17 19:38 - 2016-08-17 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-17 19:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-17 19:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-17 19:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-17 19:32 - 2016-08-17 19:32 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Intel
2016-08-17 19:19 - 2016-07-14 00:14 - 00171664 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2016-08-17 19:15 - 2016-08-12 10:13 - 00000000 ____D C:\Users\ME\Desktop\integrity_verification
2016-08-17 19:15 - 2016-08-12 09:41 - 00000000 ____D C:\Users\ME\Desktop\tron
2016-08-17 19:11 - 2016-08-17 19:11 - 00000000 ____D C:\WINDOWS\pss
2016-08-17 19:06 - 2016-08-17 19:08 - 672326162 _____ (Igor Pavlov) C:\Users\ME\Desktop\Tron v9.2.0 (2016-08-12).exe
2016-08-17 12:32 - 2016-08-17 12:32 - 00000000 ____D C:\Users\Guest\AppData\Local\DropboxOEM
2016-08-17 10:11 - 2016-08-17 10:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2016-08-17 10:10 - 2016-08-17 10:10 - 00000700 _____ C:\Users\Admin\Libraries - Shortcut.lnk
2016-08-17 09:08 - 2016-08-17 09:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Hewlett-Packard
2016-08-17 09:07 - 2016-08-30 03:19 - 00000000 ___RD C:\Users\Guest\Documents\hp.applications.package.appdata
2016-08-17 09:07 - 2016-08-17 11:21 - 00000000 __SHD C:\Users\Guest\IntelGraphicsProfiles
2016-08-17 09:07 - 2016-08-17 09:07 - 00001449 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-17 09:07 - 2016-08-17 09:07 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Synaptics
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-08-17 09:07 - 2016-08-17 09:07 - 00000000 ____D C:\Users\Guest
2016-08-17 09:07 - 2014-11-12 01:05 - 00000000 ____D C:\Users\Guest\Documents\hp.system.package.metadata
2016-08-17 09:07 - 2014-03-18 02:54 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-08-17 09:07 - 2014-03-18 02:54 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-08-17 01:04 - 2016-08-17 01:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-08-17 00:30 - 2016-08-17 00:30 - 00000000 ____D C:\Users\ME\Downloads\gmer
2016-08-17 00:28 - 2016-08-17 13:00 - 00742619 _____ C:\Users\ME\Downloads\gmer.zip
2016-08-17 00:24 - 2016-08-17 00:24 - 04656735 _____ C:\Users\ME\Downloads\tdsskiller.zip
2016-08-17 00:16 - 2016-08-17 00:16 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-08-17 00:16 - 2016-08-17 00:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-08-17 00:12 - 2016-08-17 00:13 - 25364552 _____ C:\Users\ME\Downloads\RogueKillerX64.exe
2016-08-17 00:11 - 2016-08-17 00:11 - 02394624 _____ (Farbar) C:\Users\ME\Downloads\FRST64.exe
2016-08-17 00:10 - 2016-08-17 00:10 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ME\Downloads\iExplore (1).exe
2016-08-16 23:56 - 2016-08-16 23:56 - 00001747 _____ C:\Users\Admin\Documents\aswMBR.txt
2016-08-16 23:52 - 2016-08-17 00:15 - 00002534 _____ C:\Users\Admin\Desktop\Rkill.txt
2016-08-16 23:50 - 2016-08-16 23:50 - 03784256 _____ C:\Users\ME\Downloads\AdwCleaner.exe
2016-08-16 23:44 - 2016-08-16 23:44 - 05198336 _____ (AVAST Software) C:\Users\ME\Desktop\aswMBR.exe
2016-08-16 23:36 - 2016-08-16 23:36 - 00000000 __SHD C:\Users\ME\AppData\LocalLow\EmieUserList
2016-08-16 23:28 - 2016-08-16 23:36 - 00000000 __SHD C:\Users\ME\AppData\LocalLow\EmieSiteList
2016-08-16 23:28 - 2016-08-16 23:28 - 00000000 __SHD C:\Users\ME\AppData\Local\EmieUserList
2016-08-16 23:28 - 2016-08-16 23:28 - 00000000 __SHD C:\Users\ME\AppData\Local\EmieSiteList
2016-08-16 23:28 - 2016-08-16 23:28 - 00000000 ____D C:\Users\ME\AppData\Roaming\Macromedia
2016-08-16 23:28 - 2016-08-16 23:28 - 00000000 ____D C:\Users\ME\AppData\Roaming\DropboxOEM
2016-08-16 23:15 - 2016-08-16 23:15 - 08227032 _____ (Piriform Ltd) C:\Users\ME\Downloads\ccsetup521.exe
2016-08-16 23:15 - 2016-08-16 23:15 - 00002802 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-16 23:15 - 2016-08-16 23:15 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-16 23:15 - 2016-08-16 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-16 23:15 - 2016-08-16 23:15 - 00000000 ____D C:\Program Files\CCleaner
2016-08-16 22:34 - 2016-08-18 10:25 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3393453916-3269102544-2493383506-1004
2016-08-16 22:30 - 2016-08-16 22:30 - 00000000 ____D C:\Users\ME\AppData\Local\DropboxOEM
2016-08-16 22:29 - 2016-08-20 19:22 - 00000000 ____D C:\Users\ME
2016-08-16 22:29 - 2016-08-18 00:41 - 00000000 ____D C:\Users\ME\AppData\Local\Google
2016-08-16 22:29 - 2016-08-16 22:51 - 00000000 __SHD C:\Users\ME\IntelGraphicsProfiles
2016-08-16 22:29 - 2016-08-16 22:37 - 00000000 ____D C:\Users\ME\AppData\Local\Packages
2016-08-16 22:29 - 2016-08-16 22:29 - 00001453 _____ C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-16 22:29 - 2016-08-16 22:29 - 00000020 ___SH C:\Users\ME\ntuser.ini
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 _SHDL C:\Users\ME\My Documents
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 _SHDL C:\Users\ME\Documents\My Videos
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 _SHDL C:\Users\ME\Documents\My Pictures
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 _SHDL C:\Users\ME\Documents\My Music
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 ____D C:\Users\ME\AppData\Roaming\Synaptics
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 ____D C:\Users\ME\AppData\Roaming\Intel
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 ____D C:\Users\ME\AppData\Roaming\Adobe
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 ____D C:\Users\ME\AppData\Local\VirtualStore
2016-08-16 22:29 - 2016-08-16 22:29 - 00000000 ____D C:\Users\ME\AppData\Local\Hewlett-Packard
2016-08-16 22:29 - 2014-11-12 01:05 - 00000000 ___HD C:\Users\ME\Documents\hp.system.package.metadata
2016-08-16 22:29 - 2014-11-12 01:05 - 00000000 ___HD C:\Users\ME\Documents\hp.applications.package.appdata
2016-08-16 22:29 - 2014-03-18 02:54 - 00000369 _____ C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-08-16 22:29 - 2014-03-18 02:54 - 00000369 _____ C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-08-16 17:07 - 2016-08-16 17:07 - 00000000 ___RD C:\Users\Admin\Documents\Notes
2016-08-16 15:54 - 2016-08-16 16:00 - 00000000 ____D C:\Users\Admin\Documents\New folder - Copy
2016-08-16 15:33 - 2016-08-16 15:33 - 00040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2016-08-16 15:33 - 2016-08-16 15:33 - 00001036 _____ C:\Users\Public\Desktop\NordVPN.lnk
2016-08-16 15:33 - 2016-08-16 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\NordVPN
2016-08-16 15:33 - 2016-08-16 15:33 - 00000000 ____D C:\Program Files\NordVPN
2016-08-16 15:31 - 2016-08-16 15:32 - 18411256 _____ (NordVPN Inc.) C:\Users\Admin\Downloads\NordVPN Client.exe
2016-08-16 15:17 - 2016-08-16 15:17 - 00002110 _____ C:\Users\Admin\Documents\NewDatabase.kdbx
2016-08-16 14:40 - 2016-08-17 19:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DropboxOEM
2016-08-16 14:03 - 2016-08-16 14:04 - 14567880 _____ C:\Users\Admin\Downloads\ForzaMotorsport4.themepack
2016-08-16 13:04 - 2016-08-16 10:40 - 2147483648 _____ C:\Users\Admin\Documents\veracryptcontainer
2016-08-16 12:17 - 2016-08-16 16:06 - 00000000 ___RD C:\Users\Admin\Documents\New folder
2016-08-16 11:59 - 2016-08-16 14:37 - 00000000 ___RD C:\Users\Admin\Downloads\New folder
2016-08-16 11:15 - 2016-08-16 11:15 - 00000000 ____D C:\Users\Admin\AppData\Local\CEF
2016-08-16 11:08 - 2016-08-16 11:08 - 00003108 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3393453916-3269102544-2493383506-1001
2016-08-16 11:08 - 2016-08-16 11:08 - 00000000 ___RD C:\Users\Admin\OneDrive
2016-08-16 11:08 - 2016-08-16 11:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-16 11:07 - 2015-07-17 06:51 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-08-16 11:07 - 2015-07-17 06:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-08-16 11:03 - 2016-08-16 11:03 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-16 11:03 - 2016-08-16 11:03 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-08-16 11:03 - 2016-08-16 11:03 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-08-16 11:03 - 2016-08-16 11:03 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-08-16 11:03 - 2016-08-16 11:03 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-08-16 11:03 - 2016-08-16 11:03 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-08-16 11:03 - 2016-08-16 11:03 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-08-16 11:03 - 2016-08-16 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-08-16 10:59 - 2016-08-16 10:59 - 03518664 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\Setup.X86.en-US_O365HomePremRetail_0cf6290d-1139-4d2f-a131-27e34762698c_TX_PR_.exe
2016-08-16 10:59 - 2016-08-16 10:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-16 10:25 - 2016-08-16 21:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KeePass
2016-08-16 10:00 - 2016-08-16 10:00 - 00002061 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2016-08-16 09:56 - 2016-08-16 09:56 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2016-08-16 09:56 - 2016-08-16 09:56 - 00001088 _____ C:\Users\Admin\Desktop\KeePass 2.lnk
2016-08-16 09:56 - 2016-08-16 09:56 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2016-08-16 09:53 - 2016-08-16 09:54 - 03078328 _____ (Dominik Reichl ) C:\Users\Admin\Downloads\KeePass-2.34-Setup.exe
2016-08-16 09:44 - 2016-08-16 09:44 - 00000000 ____D C:\Users\Admin\AppData\Local\DropboxOEM
2016-08-16 09:33 - 2016-08-16 09:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VeraCrypt
2016-08-16 09:29 - 2016-08-16 09:29 - 00198248 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2016-08-16 09:29 - 2016-08-16 09:29 - 00000866 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2016-08-16 09:29 - 2016-08-16 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2016-08-16 09:29 - 2016-08-16 09:29 - 00000000 ____D C:\Program Files\VeraCrypt
2016-08-16 09:28 - 2016-08-16 09:28 - 13954552 _____ C:\Users\Admin\Downloads\VeraCrypt Setup 1.17.exe
2016-08-16 08:43 - 2016-08-16 08:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WildTangent
2016-08-16 08:40 - 2014-04-15 16:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-08-16 08:40 - 2014-04-15 16:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-08-16 08:37 - 2016-08-16 08:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2016-08-16 08:33 - 2016-08-18 02:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-08-16 08:33 - 2016-08-18 02:10 - 00000000 ____D C:\ProgramData\Avira
2016-08-16 08:33 - 2016-08-18 02:10 - 00000000 ____D C:\Program Files (x86)\Avira
2016-08-16 08:33 - 2016-08-17 19:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\hpqlog
2016-08-16 08:32 - 2016-08-16 08:33 - 04831216 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin\Downloads\avira_en_av_57b331deb4877__ws.exe
2016-08-16 07:38 - 2016-08-16 07:38 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-16 07:38 - 2016-08-16 07:38 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-16 07:37 - 2016-08-30 02:48 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-16 07:37 - 2016-08-30 02:11 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-16 07:37 - 2016-08-16 09:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-08-16 07:37 - 2016-08-16 07:43 - 00003910 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-16 07:37 - 2016-08-16 07:43 - 00003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-16 07:37 - 2016-08-16 07:38 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-16 07:36 - 2016-08-16 07:37 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2016-08-16 07:36 - 2016-08-16 07:36 - 00000000 ____D C:\Users\Admin\AppData\Local\Apps\2.0
2016-08-16 07:34 - 2016-08-16 07:34 - 00000000 __SHD C:\Users\Admin\AppData\LocalLow\EmieUserList
2016-08-16 07:34 - 2016-08-16 07:34 - 00000000 __SHD C:\Users\Admin\AppData\LocalLow\EmieSiteList
2016-08-16 07:34 - 2016-08-16 07:34 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2016-08-16 07:34 - 2016-08-16 07:34 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2016-08-16 07:21 - 2015-06-04 21:20 - 00003374 _____ C:\OA3.Trace.xml
2016-08-16 07:10 - 2016-08-16 07:10 - 00004036 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2016-08-16 07:03 - 2016-08-16 23:58 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3393453916-3269102544-2493383506-1001
2016-08-16 07:02 - 2016-08-16 07:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2016-08-16 07:01 - 2016-08-17 19:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Hewlett-Packard
2016-08-16 06:59 - 2016-08-16 10:32 - 00000000 ____D C:\Users\Admin\Documents\Youcam
2016-08-16 06:59 - 2016-08-16 06:59 - 00000000 ____D C:\Users\Admin\AppData\Local\CyberLink
2016-08-16 06:58 - 2016-08-16 08:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Hewlett-Packard
2016-08-16 06:57 - 2016-08-30 03:25 - 00000000 ____D C:\Users\Admin
2016-08-16 06:57 - 2016-08-17 19:38 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2016-08-16 06:57 - 2016-08-16 07:07 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2016-08-16 06:57 - 2016-08-16 06:57 - 00001453 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-16 06:57 - 2016-08-16 06:57 - 00000184 _____ C:\WINDOWS\insFileSpec
2016-08-16 06:57 - 2016-08-16 06:57 - 00000118 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-16 06:57 - 2016-08-16 06:57 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 _SHDL C:\Users\Admin\My Documents
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 _SHDL C:\Users\Admin\Documents\My Videos
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 _SHDL C:\Users\Admin\Documents\My Pictures
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 _SHDL C:\Users\Admin\Documents\My Music
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Synaptics
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2016-08-16 06:57 - 2016-08-16 06:57 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-08-16 06:57 - 2014-03-18 02:54 - 00000369 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-08-16 06:57 - 2014-03-18 02:54 - 00000369 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-08-16 06:40 - 2016-08-16 06:40 - 00000000 ___RD C:\Users\Public\AccountPictures
2016-08-16 06:22 - 2016-08-16 06:22 - 00002324 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3393453916-3269102544-2493383506-500
2016-08-05 12:14 - 2016-08-05 12:14 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ME\Desktop\TDSSKiller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 02:39 - 2014-11-12 01:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-30 02:39 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-30 02:11 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-30 02:10 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-29 18:18 - 2014-03-18 02:53 - 00958292 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-29 18:18 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-18 02:54 - 2013-08-22 08:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-18 02:10 - 2014-11-12 01:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-17 20:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-17 20:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-17 19:32 - 2015-06-04 20:03 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-17 19:32 - 2015-06-04 20:01 - 00000000 ____D C:\Program Files\Intel
2016-08-17 19:31 - 2014-11-12 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-08-17 19:31 - 2014-11-12 01:14 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-08-17 19:31 - 2014-11-12 01:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-08-17 19:26 - 2015-06-04 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-17 19:26 - 2015-06-04 20:04 - 00000000 ____D C:\ProgramData\Intel® Update Manager
2016-08-17 19:24 - 2015-06-04 20:14 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2016-08-17 19:23 - 2014-11-12 01:05 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-08-17 19:22 - 2015-06-04 20:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-17 19:22 - 2015-06-04 20:03 - 00000000 ____D C:\ProgramData\Intel
2016-08-17 19:22 - 2014-11-12 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-08-17 19:22 - 2014-04-02 16:51 - 00000000 ____D C:\WINDOWS\Panther
2016-08-17 00:57 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-16 22:29 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 18:45 - 2014-11-12 01:13 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-08-16 18:44 - 2015-06-04 20:28 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-08-16 18:07 - 2014-04-04 16:55 - 00000000 ____D C:\SWSetup
2016-08-16 11:01 - 2015-06-04 20:19 - 00000000 ___RD C:\Program Files\Online Services
2016-08-16 10:59 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-16 10:02 - 2015-06-04 20:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-08-16 08:48 - 2014-11-12 01:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-08-16 08:45 - 2015-06-04 20:28 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-16 08:26 - 2015-06-04 20:37 - 00000000 ____D C:\ProgramData\McAfee
2016-08-16 08:20 - 2013-08-22 08:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-16 08:20 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-16 08:01 - 2015-06-04 20:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-08-16 07:59 - 2014-11-12 01:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-16 07:55 - 2015-06-04 20:35 - 00000000 ____D C:\Users\Public\CyberLink
2016-08-16 07:55 - 2015-06-04 20:26 - 00000000 ____D C:\ProgramData\CyberLink
2016-08-16 07:47 - 2015-06-04 20:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-08-16 07:21 - 2013-08-22 08:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-16 06:57 - 2014-04-04 16:45 - 00000000 ___HD C:\SYSTEM.SAV
2016-08-16 06:48 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-08-16 06:28 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\avgnt.exe
C:\Users\ME\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-02 15:59
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by Admin (30-08-2016 03:35:06)
Running from C:\Users\Guest\Downloads
Windows 8.1 (Update) (X64) (2016-08-16 13:57:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-3393453916-3269102544-2493383506-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3393453916-3269102544-2493383506-500 - Administrator - Disabled)
Guest (S-1-5-21-3393453916-3269102544-2493383506-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3393453916-3269102544-2493383506-1003 - Limited - Enabled)
ME (S-1-5-21-3393453916-3269102544-2493383506-1004 - Limited - Enabled) => C:\Users\ME
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\{80C20E2F-B4EF-44E8-BF4A-6A625A9AF168}) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\{39BF25A5-AFEC-49C2-9991-24D9B38F3EDF}) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Avira Software Updater (HKLM-x32\...\{FD37E2C5-1B70-4392-ABCF-73A869B6B5C8}) (Version: 1.2.2.37050 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.21 - Intel® Corporation) Hidden
Intel® PRO/Wireless Driver (HKLM\...\{ac7ad2d7-04b3-460c-b370-07e3d3e3aa4e}) (Version: 17.01.0000.1697 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Intel® WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{06A5031E-3B1E-4FB9-AC4C-BA0FE2706152}) (Version: 17.1.1433.02 - Intel Corporation)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3393453916-3269102544-2493383506-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00BEEC49-855F-4FC8-82D2-C3B48551F650} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1BB62D9A-B9C3-4F4E-AB62-BAF9430EB259} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {2F18613A-C45F-440B-A7E7-A9E2B7F68992} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {4252ABCB-9366-4553-92C9-2084B4807F12} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {51DC8AB9-AD4B-477F-A587-9A92D75268D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe
Task: {5F3AA58E-09EE-4325-8AE3-CD6406E72591} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
Task: {60E0288E-70EF-490B-BED6-4F08178E804C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {912A2F26-09BE-47A5-8668-8F9920338F69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe
Task: {A31522FA-C9A9-45BA-AB16-A4ACEFC3A0CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3859088-CBD3-4015-88BE-86214CE44088} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {B293483E-8256-4820-9BDD-69595C7DAB12} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3393453916-3269102544-2493383506-1001 => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-16] (Microsoft Corporation)
Task: {D9B5C63E-6D2A-4F4F-ACAE-B53B891D0A5C} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {DA618A14-D13D-4F4D-B7C1-B9B03B9D2B9C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {E8C8FC70-4613-425D-92DF-F711D21286E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {EC4AB690-E83E-4F58-A71F-FC48D9696939} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-30] (Microsoft Corporation)
Task: {F3517D1E-3F46-4853-9BEC-19A21EAEEA2C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 14:31 - 2014-03-28 14:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2016-08-16 11:03 - 2016-08-30 02:33 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-03-28 14:36 - 2014-03-28 14:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-08-16 07:38 - 2016-08-02 16:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-16 07:38 - 2016-08-02 16:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2014-10-07 09:56 - 2014-10-07 09:56 - 17284400 _____ () C:\WINDOWS\SYSTEM32\igd11dxva64.dll
2016-08-16 07:38 - 2016-08-02 16:04 - 31541952 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
2016-08-16 11:00 - 2016-08-30 02:31 - 03598536 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10069460.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10069460.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\w32time => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WUAUSERV => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-08-17 00:04 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3393453916-3269102544-2493383506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3393453916-3269102544-2493383506-501\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0A9CF304-697F-4827-A051-83F2832D18B8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1D35EAD1-70C6-42F3-BA10-C68D527E27CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2555E178-B875-4591-8015-1D99F7A0B705}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4354A415-4455-4DA2-BAD5-67390F287589}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B1683096-7BC9-4F9B-8FD6-36331B40B0C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B748CAB8-9355-4B88-AE07-B4C2C473594E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4CDD83CE-3C9C-43C3-991F-48C44684D676}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{705C8496-7993-43DA-8B84-204FF1C0C3CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CAEEE6A1-8CE1-4EFE-B3AA-A35F8939B7C3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0502DECD-0EDA-4486-A4F2-D883B050C745}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{B66F5716-6BF3-49B8-9DA1-35DAE2643E30}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2145E771-DD65-425C-B307-D373C7AF9CFE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6BF86BE2-3B53-48AE-8436-FEBC7D2B310A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{71EF584E-4816-42FB-A409-ACC196BE8AA8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
18-08-2016 10:16:35 Removed Intel WiDi Media Share
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2016 02:51:56 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Avira Software Updater -- Please install Avira Launcher then run this installer again.
 
Error: (08/29/2016 06:18:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:16:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/18/2016 10:07:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\ME\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (08/29/2016 06:18:49 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 06:17:58 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 06:17:57 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 06:17:53 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 06:17:50 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 06:17:49 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 06:17:45 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 06:16:13 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (08/29/2016 05:52:04 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (08/29/2016 05:52:04 PM) (Source: DCOM) (EventID: 10010) (User: spaghettiwagon)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 17%
Total physical RAM: 12210.27 MB
Available physical RAM: 10111.4 MB
Total Virtual: 25010.27 MB
Available Virtual: 22933.68 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:903.68 GB) (Free:818.6 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.92 GB) (Free:2.85 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CA7CF442)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Modzilla44, 30 August 2016 - 05:48 AM.




#2 Modzilla44

Modzilla44
  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:16 AM

Posted 30 August 2016 - 10:39 AM

Also, here's an MTB log:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Admin (administrator) on 30-08-2016 at 08:36:51
Running from "F:\"
Microsoft Windows 8.1  (X64)
Model: HP Pavilion 17 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================  
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================  
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Media disconnected)
TAP-Windows Adapter V9 = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : spaghettiwagon
   Primary Dns Suffix  . . . . . . . :  
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :  
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-78-0B-A6-73
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :  
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : 34-E6-AD-B9-E2-45
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :  
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 3C-A8-2A-A8-C4-4B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 ff 78 0b a6 73 ......TAP-Windows Adapter V9
  6...34 e6 ad b9 e2 45 ......Intel® Dual Band Wireless-AC 3160
  3...3c a8 2a a8 c4 4b ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/30/2016 02:51:56 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avira Software Updater -- Please install Avira Launcher then run this installer again.
 
Error: (08/29/2016 06:18:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:17:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/29/2016 06:16:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: spaghettiwagon)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/18/2016 10:07:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (08/30/2016 08:34:03 AM) (Source: Service Control Manager) (User: )
Description: The WLAN AutoConfig service depends on the Windows Connection Manager service which failed to start because of the following error:  
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Error: (08/30/2016 07:07:53 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2016 07:04:28 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (08/30/2016 06:55:20 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/29/2016 06:18:49 PM) (Source: DCOM) (User: spaghettiwagon)
Description: microsoft.windows.immersivecontrolpanel
 
Error: (08/29/2016 06:17:58 PM) (Source: DCOM) (User: spaghettiwagon)
Description: microsoft.windows.immersivecontrolpanel
 
Error: (08/29/2016 06:17:57 PM) (Source: DCOM) (User: spaghettiwagon)
Description: microsoft.windows.immersivecontrolpanel
 
Error: (08/29/2016 06:17:53 PM) (Source: DCOM) (User: spaghettiwagon)
Description: microsoft.windows.immersivecontrolpanel
 
Error: (08/29/2016 06:17:50 PM) (Source: DCOM) (User: spaghettiwagon)
Description: microsoft.windows.immersivecontrolpanel
 
Error: (08/29/2016 06:17:49 PM) (Source: DCOM) (User: spaghettiwagon)
Description: microsoft.windows.immersivecontrolpanel
 
 
Microsoft Office Sessions:
=========================
Error: (08/30/2016 02:51:56 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Avira Software Updater -- Please install Avira Launcher then run this installer again.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/29/2016 06:18:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/29/2016 06:17:58 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/29/2016 06:17:57 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/29/2016 06:17:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/29/2016 06:17:50 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/29/2016 06:17:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/29/2016 06:17:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/29/2016 06:16:13 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: spaghettiwagon)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141
 
Error: (08/18/2016 10:07:15 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\ME\Downloads\esetsmartinstaller_enu.exe
 
 
=========================== Installed Programs ============================
 
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\{80C20E2F-B4EF-44E8-BF4A-6A625A9AF168}) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\{39BF25A5-AFEC-49C2-9991-24D9B38F3EDF}) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Avira Software Updater (HKLM-x32\...\{FD37E2C5-1B70-4392-ABCF-73A869B6B5C8}) (Version: 1.2.2.37050 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{e0008118-71df-4125-bda8-1e59dd9dca41}) (Version: 10.0.21 - Intel® Corporation) Hidden
Intel® PRO/Wireless Driver (HKLM\...\{ac7ad2d7-04b3-460c-b370-07e3d3e3aa4e}) (Version: 17.01.0000.1697 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Intel® WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{06A5031E-3B1E-4FB9-AC4C-BA0FE2706152}) (Version: 17.1.1433.02 - Intel Corporation)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
 
========================= Devices: ================================
 
Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Device ID: USB\VID_8087&PID_07DC\5&22865304&0&7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 17%
Total physical RAM: 12210.27 MB
Available physical RAM: 10070.19 MB
Total Virtual: 25010.27 MB
Available Virtual: 22616.43 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:903.68 GB) (Free:818.46 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:25.92 GB) (Free:2.85 GB) NTFS
4 Drive f: () (Removable) (Total:14.54 GB) (Free:14.54 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\
 
Admin                    Administrator            Guest                     
ME                        
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
18-08-2016 17:16:35 Removed Intel WiDi Media Share
 
**** End of log ****



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,578 posts
  • Gender:Male
  • Local time:07:16 AM

Posted 04 September 2016 - 05:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/625230 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

Posted 09 September 2016 - 05:50 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



