Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SFC Corrupt Ownership Permission Issues [Closed]

Started by tink0303 , Mar 21 2015 02:24 PM
permissions corrupt slow running computer

  • This topic is locked This topic is locked

#1
tink0303
Posted 21 March 2015 - 02:24 PM

tink0303

    Member

  • Member
  • PipPip
  • 20 posts

I am using Windows7 64-Bit. About a year ago, I took it to a small shop for repair and the man who was fixing it didn't know what he was doing (turns out he had brain cancer, which is very sad). Since I got it back, I've had one problem after another. The biggest problem I'm having is that no matter how many times I take ownership of a file or folder, and change the permissions on it, the computer changes the permissions. I always have myself as owner with full permissions, administrator and system also get full permission, and users get read and execute permissions. Within an hour or so, the permissions will be totally changed. Sometimes it changes the owner to administrator, Kelly (owner) gets special permissions, and system gets changed to read and execute. It changes though. Sometimes I find CREATOR OWNER or Trusted Installer have the ownership status. I have also struggled back and forth with iexplore.exe running with a very high CPU and Memory. A few days ago, the computer slowed way down and then crashed. I ran sfc \scannow and the CBS log showed a lot of corrupt files. The message I got was: Resource Protection found corrupt files but was unable to fix some of them. My computer takes over just about everything, no matter how many times I change permissions. I have downloaded and run just about every antivirus and malware program you can think of, but my computer particularly hates those programs and tends to change the permissions on those immediately. My D drive is full and I can't do anything with it. I also noticed a few days ago that when I try and download something, nothing would happen. Pictures, Music, and Videos are never safe. A few weeks ago, I clicked on Network, KELLY-PC, and couldn't believe how many shared folders I had! 245 and counting! What I found was that a lot of times, when I change permissions on a folder or file and take ownership, the computer makes another folder and assigns it a number (ex: Windows 2, Windows 3, Kodak, Microsoft, EN-US 3, 4, 5,etc...). I am at a loss! I imagine a lot of the problems stem from registry changes, but that is something I don't know much about, so I didn't want to chance messing things up even more. Here are the FRST logs. Take your time. I have to go out and won't be able to check my computer until late tonight. Thanks in advance for helping!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kelly (administrator) on KELLY-PC on 21-03-2015 15:55:57
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available profiles: Kelly)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
Failed to access process -> WUDFHost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(17624).ini ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> {CB58EFCC-020E-4273-9EB9-4C8696A4541E} URL = https://search.yahoo...rtPage?}&fr=ie8
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2009-08-28] (Google Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2009-08-28] (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.n...X_WEB_Win32.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2014-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
U2 p2psvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U2 p2psvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 15:55 - 2015-03-21 15:55 - 00000000 ____D () C:\Users\Kelly\Desktop\FRST-OlderVersion
2015-03-21 15:31 - 2015-03-21 15:31 - 00009216 _____ () C:\Users\Kelly\Documents\geeks to go malware registration.wps
2015-03-20 18:04 - 2015-03-20 18:04 - 00940441 _____ () C:\Users\Kelly\Documents\CBS.log
2015-03-18 18:51 - 2015-03-18 16:11 - 00005911 _____ () C:\Windows\brndlog.bak
2015-03-18 15:18 - 2015-03-18 15:18 - 00079608 _____ () C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-18 12:14 - 2015-03-21 15:31 - 00000334 _____ () C:\Users\Kelly\AppData\Roaming\wklnhst.dat
2015-03-18 12:14 - 2015-03-18 12:14 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Template
2015-03-18 10:40 - 2015-03-20 18:29 - 00000000 ____D () C:\Users\Kelly\Downloads\folder_fix_w7
2015-03-18 10:39 - 2015-03-18 10:39 - 00001547 _____ () C:\Users\Kelly\Downloads\folder_fix_w7.zip
2015-03-18 10:35 - 2015-03-20 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert VOB to AVI
2015-03-18 10:35 - 2015-03-20 18:25 - 00000000 ____D () C:\Program Files (x86)\Convert VOB to AVI
2015-03-18 10:35 - 2015-03-18 10:35 - 00001086 _____ () C:\Users\Public\Desktop\Convert VOB to AVI.lnk
2015-03-18 10:35 - 2015-03-18 10:35 - 00001086 _____ () C:\ProgramData\Desktop\Convert VOB to AVI.lnk
2015-03-18 10:34 - 2015-03-18 10:34 - 04890470 _____ (www.convertvobtoavi.com ) C:\Users\Kelly\Downloads\convertvobtoavi_setup.exe
2015-03-17 18:13 - 2015-03-17 18:13 - 00001227 _____ () C:\Users\Kelly\Desktop\KodakESP5200+3388 (KELLY-PC) - Shortcut.lnk
2015-03-17 09:22 - 2015-03-20 18:29 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Convert Audio Free
2015-03-16 17:46 - 2015-03-20 16:42 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-03-16 17:46 - 2015-03-16 17:46 - 00001257 _____ () C:\Users\Kelly\Desktop\Any Video Converter.lnk
2015-03-16 16:34 - 2015-03-21 11:35 - 00000448 _____ () C:\Windows\setupact.log
2015-03-16 16:34 - 2015-03-16 16:34 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-16 16:31 - 2015-03-16 16:31 - 34592048 _____ (Any-Video-Converter.com ) C:\Program Files (x86)\avc-free.exe
2015-03-15 16:24 - 2015-03-18 10:25 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-03-15 16:20 - 2015-03-20 18:31 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2015-03-15 16:20 - 2015-03-15 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-03-15 16:20 - 2015-03-15 18:58 - 00000000 ____D () C:\Program Files (x86)\TweakBit
2015-03-15 13:01 - 2015-03-15 13:01 - 00000000 _____ () C:\Windows\system32\netsh
2015-03-13 21:19 - 2015-03-13 21:19 - 00000000 ____D () C:\Users\Kelly\AppData\Local\VirtualStore
2015-03-11 17:36 - 2015-03-11 18:08 - 00139264 _____ () C:\Users\Kelly\Documents\graph boxes.wps
2015-03-10 13:59 - 2015-03-10 13:59 - 00009216 _____ () C:\Users\Kelly\Documents\Ruzzle info.wps
2015-03-05 17:38 - 2015-03-09 22:34 - 00000000 ____D () C:\Program Files (x86)\TakeOwnershipPro
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\Users\Kelly\AppData\Local\gegl-0.2
2015-03-02 21:48 - 2015-03-02 21:48 - 01160384 _____ () C:\Users\Kelly\Documents\ownership_120.zip
2015-03-02 18:41 - 2015-03-02 18:41 - 00000000 ____D () C:\Users\Kelly\Documents\ownership_120
2015-03-02 10:12 - 2015-03-02 10:12 - 03387904 _____ () C:\Users\Kelly\Documents\Untitled Document.wps
2015-03-01 23:44 - 2015-03-02 00:33 - 03388416 _____ () C:\Users\Kelly\Documents\opera.wps
2015-03-01 19:49 - 2015-03-01 23:49 - 11303936 _____ () C:\Users\Kelly\Documents\french brocheure.wps
2015-02-28 22:21 - 2015-02-28 22:21 - 01188194 _____ () C:\Users\Kelly\Downloads\ProcessExplorer.zip
2015-02-27 16:40 - 2015-02-27 16:40 - 00602675 _____ () C:\Users\Kelly\Documents\ford 500 receipts.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 15:56 - 2015-01-23 09:11 - 00008444 _____ () C:\Users\Kelly\Desktop\FRST.txt
2015-03-21 15:55 - 2015-01-27 23:43 - 02095616 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe
2015-03-21 15:55 - 2015-01-23 09:11 - 00000000 ____D () C:\FRST
2015-03-21 15:30 - 2014-06-19 13:15 - 00009216 _____ () C:\Users\Kelly\Documents\facebook happy birthday.wps
2015-03-21 15:10 - 2014-05-26 01:08 - 01431937 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 15:09 - 2014-05-26 09:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-21 11:41 - 2014-12-20 19:54 - 00006192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-21 11:41 - 2014-12-20 19:54 - 00006192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-21 11:35 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 11:33 - 2009-07-14 00:45 - 00024576 _____ () C:\Windows\system32\umstartup.etl
2015-03-20 22:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-20 20:16 - 2014-06-11 17:44 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Adobe
2015-03-20 20:14 - 2014-05-26 09:41 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-20 20:14 - 2014-05-26 09:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-20 20:14 - 2014-05-26 09:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-20 18:39 - 2009-08-28 07:04 - 00000000 ____D () C:\ProgramData\Partner
2015-03-20 18:39 - 2009-08-28 06:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-03-20 18:39 - 2009-08-28 06:41 - 00000000 ____D () C:\Windows\OOBEOffer
2015-03-20 18:39 - 2009-08-28 06:40 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-03-20 18:39 - 2009-08-28 06:39 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-03-20 18:39 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-20 18:39 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-20 18:39 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-03-20 18:39 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\th-TH
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sppui
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ras
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\icsxml
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\et-EE
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\com
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Cursors
2015-03-20 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-20 18:38 - 2014-12-12 17:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-20 18:38 - 2014-06-09 03:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 18:38 - 2009-08-28 06:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-03-20 18:38 - 2009-08-28 06:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-20 18:38 - 2009-08-28 06:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2015-03-20 18:38 - 2009-08-28 06:41 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-20 18:38 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\addins
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-20 18:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\TAPI
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ias
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\IME
2015-03-20 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-03-20 18:31 - 2014-12-14 20:54 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-03-20 18:31 - 2014-06-09 16:02 - 00000000 ____D () C:\Windows\system32\kodak
2015-03-20 18:31 - 2014-06-06 19:36 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2015-03-20 18:31 - 2014-05-30 12:13 - 00000000 ____D () C:\Windows\system32\SPReview
2015-03-20 18:31 - 2014-05-29 07:16 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-03-20 18:31 - 2014-05-26 09:41 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-20 18:31 - 2014-05-26 01:07 - 00000000 ____D () C:\Windows\SysWOW64\x64
2015-03-20 18:31 - 2014-05-26 01:07 - 00000000 ____D () C:\Windows\SysWOW64\Lang
2015-03-20 18:31 - 2009-08-28 07:03 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
2015-03-20 18:31 - 2009-08-28 06:59 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\nti
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\system32\winrm
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\system32\WCN
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\system32\slmgr
2015-03-20 18:31 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-03-20 18:31 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-03-20 18:31 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\restore
2015-03-20 18:31 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\spp
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\spool
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\SMI
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2015-03-20 18:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\IME
2015-03-20 18:30 - 2014-12-20 21:19 - 00000000 ____D () C:\Windows\pss
2015-03-20 18:30 - 2014-12-14 20:54 - 00000000 ____D () C:\Windows\system32\1033
2015-03-20 18:30 - 2014-12-07 17:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2015-03-20 18:30 - 2009-08-28 07:00 - 00000000 ____D () C:\Windows\oem
2015-03-20 18:30 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2015-03-20 18:30 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2015-03-20 18:30 - 2009-07-14 00:45 - 00000000 ____D () C:\Windows\Setup
2015-03-20 18:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech
2015-03-20 18:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2015-03-20 18:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2015-03-20 18:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-03-20 18:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PLA
2015-03-20 18:29 - 2014-12-06 21:36 - 00000000 ____D () C:\Users\Kelly\Downloads\ProcessExplorer
2015-03-20 18:29 - 2014-11-30 13:33 - 00000000 ____D () C:\Windows\erdnt
2015-03-20 18:29 - 2014-11-28 18:11 - 00000000 ____D () C:\Windows\ERUNT
2015-03-20 18:29 - 2014-11-02 12:04 - 00000000 ____D () C:\Users\Kelly\Downloads\Autoruns
2015-03-20 18:29 - 2014-07-17 22:47 - 00000000 ____D () C:\Users\Kelly\AppData\Local\OurrarUdl
2015-03-20 18:29 - 2014-06-26 23:43 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Skype
2015-03-20 18:29 - 2014-06-08 17:27 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\AnvSoft
2015-03-20 18:29 - 2014-06-04 15:58 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-20 18:29 - 2014-06-03 13:54 - 00000000 ____D () C:\Windows\en
2015-03-20 18:29 - 2014-05-25 22:19 - 00000000 ___RD () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-20 18:29 - 2014-05-25 22:19 - 00000000 ___RD () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-20 18:29 - 2009-08-28 07:28 - 00000000 ____D () C:\Windows\DeployWinRE
2015-03-20 18:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2015-03-20 18:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Globalization
2015-03-20 18:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding
2015-03-20 18:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-20 18:26 - 2014-12-19 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-03-20 18:26 - 2014-12-19 08:53 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-20 18:26 - 2014-12-14 21:36 - 00000000 ____D () C:\ProgramData\NuGet
2015-03-20 18:26 - 2014-12-14 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-03-20 18:26 - 2014-12-14 20:51 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-20 18:26 - 2014-11-01 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-20 18:26 - 2014-10-31 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-20 18:26 - 2014-10-31 14:55 - 00000000 ____D () C:\Program Files\iTunes
2015-03-20 18:26 - 2014-10-26 21:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-20 18:26 - 2014-09-22 11:32 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-20 18:26 - 2014-09-21 11:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-20 18:26 - 2014-09-21 11:39 - 00000000 ____D () C:\Program Files\iPod
2015-03-20 18:26 - 2014-09-21 11:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-20 18:26 - 2014-09-21 11:37 - 00000000 ____D () C:\ProgramData\Apple
2015-03-20 18:26 - 2014-09-04 11:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Eastman_Kodak_Company
2015-03-20 18:26 - 2014-09-04 11:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Eastman_Kodak_Company
2015-03-20 18:26 - 2014-07-24 11:50 - 00000000 ____D () C:\Program Files\GIMP 2
2015-03-20 18:26 - 2014-06-26 23:43 - 00000000 ____D () C:\ProgramData\Skype
2015-03-20 18:26 - 2014-06-26 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-20 18:26 - 2014-06-18 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
2015-03-20 18:26 - 2014-06-13 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-03-20 18:26 - 2014-06-10 20:07 - 00000000 ____D () C:\Users\Kelly\.phet
2015-03-20 18:26 - 2014-06-09 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
2015-03-20 18:26 - 2014-06-09 15:29 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Eastman_Kodak_Company
2015-03-20 18:26 - 2014-06-06 19:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2015-03-20 18:26 - 2014-06-05 19:57 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Microsoft Help
2015-03-20 18:26 - 2014-05-30 13:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-20 18:26 - 2014-05-27 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-20 18:26 - 2014-05-25 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-03-20 18:26 - 2014-05-25 22:27 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-03-20 18:26 - 2014-05-25 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Web Camera
2015-03-20 18:26 - 2014-05-25 22:25 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-20 18:26 - 2014-05-25 22:20 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
2015-03-20 18:26 - 2009-08-28 07:01 - 00000000 ____D () C:\Program Files\Gateway
2015-03-20 18:26 - 2009-08-28 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway MyBackup
2015-03-20 18:26 - 2009-08-28 06:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-20 18:26 - 2009-08-28 06:40 - 00000000 ____D () C:\Program Files\Realtek
2015-03-20 18:26 - 2009-08-28 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
2015-03-20 18:26 - 2009-08-28 06:36 - 00000000 ____D () C:\Program Files\CONEXANT
2015-03-20 18:26 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-20 18:26 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-20 18:26 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-03-20 18:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-20 18:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-20 18:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-03-20 18:25 - 2014-12-14 21:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-03-20 18:25 - 2014-12-14 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-03-20 18:25 - 2014-12-14 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-03-20 18:25 - 2014-09-21 11:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-20 18:25 - 2014-06-26 23:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-20 18:25 - 2014-06-18 11:11 - 00000000 ____D () C:\Program Files (x86)\FotoSketcher
2015-03-20 18:25 - 2014-06-09 15:19 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-03-20 18:25 - 2014-06-06 19:43 - 00000000 ____D () C:\Program Files (x86)\PrintProjects
2015-03-20 18:25 - 2014-06-03 13:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-20 18:25 - 2014-06-03 13:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-03-20 18:25 - 2014-05-27 06:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-20 18:25 - 2014-05-25 22:25 - 00000000 ____D () C:\Program Files (x86)\Video Web Camera
2015-03-20 18:25 - 2009-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-20 18:25 - 2009-08-28 06:41 - 00000000 ____D () C:\Program Files (x86)\Gateway Games
2015-03-20 18:25 - 2009-08-28 06:41 - 00000000 ____D () C:\Program Files (x86)\Gateway
2015-03-20 18:25 - 2009-08-28 06:36 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 18:25 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-20 18:24 - 2014-09-22 11:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-20 18:24 - 2014-09-22 11:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-20 18:24 - 2014-06-13 13:56 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-03-20 18:24 - 2009-08-28 07:26 - 00000000 ____D () C:\OEM
2015-03-20 18:23 - 2014-06-03 13:50 - 00000000 ____D () C:\Program Files\Windows Live
2015-03-20 18:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-03-20 17:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web
2015-03-20 17:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Vss
2015-03-20 17:47 - 2009-08-28 07:06 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-03-20 17:44 - 2014-07-29 12:17 - 00000000 ____D () C:\Windows\SysWOW64\20-20 Technologies
2015-03-20 17:44 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-03-20 17:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-03-20 17:39 - 2009-07-14 01:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 17:18 - 2014-06-26 23:43 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Skype
2015-03-20 17:18 - 2014-06-24 10:33 - 00000000 ____D () C:\Users\Kelly\Documents\tweaking.com_windows_repair_aio
2015-03-20 17:18 - 2014-05-25 23:11 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Adobe
2015-03-20 17:02 - 2014-06-24 19:27 - 00000000 ____D () C:\RegBackup
2015-03-20 17:02 - 2009-07-13 23:20 - 00000000 ___RD () C:\Users\Default
2015-03-20 16:58 - 2014-12-16 10:49 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-03-20 16:58 - 2014-06-06 19:32 - 00000000 ____D () C:\ProgramData\Kodak
2015-03-20 16:58 - 2014-06-03 13:42 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-03-20 16:58 - 2009-08-28 07:05 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-20 16:58 - 2009-08-28 07:04 - 00000000 ____D () C:\ProgramData\Google
2015-03-20 16:58 - 2009-08-28 07:01 - 00000000 ____D () C:\ProgramData\Gateway
2015-03-20 16:57 - 2014-12-14 20:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-20 16:57 - 2009-08-28 06:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-20 16:57 - 2009-08-28 06:46 - 00000000 ____D () C:\Program Files\Preload
2015-03-20 16:56 - 2014-12-16 10:53 - 00000000 ____D () C:\Program Files\Lavasoft
2015-03-20 16:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2015-03-20 16:53 - 2014-12-14 21:08 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-03-20 16:52 - 2014-11-29 17:25 - 00000000 __SHD () C:\Users\Kelly\AppData\Local\EmieSiteList
2015-03-20 16:50 - 2009-08-28 06:59 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-03-20 16:50 - 2009-08-28 06:36 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-20 16:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-03-20 16:48 - 2014-12-14 20:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-20 16:47 - 2014-12-14 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-03-20 16:45 - 2014-10-25 20:18 - 00000000 ____D () C:\Users\Administrator
2015-03-20 16:42 - 2009-08-28 07:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-20 16:38 - 2009-08-28 06:46 - 00000000 ___RD () C:\MSOCache
2015-03-20 14:00 - 2014-05-25 22:19 - 00000000 ___RD () C:\Users\Kelly
2015-03-20 00:42 - 2014-05-25 23:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-20 00:37 - 2015-01-27 23:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-19 23:18 - 2015-01-28 00:01 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-19 23:18 - 2009-08-28 07:04 - 00000000 ____D () C:\Program Files\Google
2015-03-19 23:17 - 2009-08-28 07:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-18 18:52 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-18 18:52 - 2009-07-14 00:54 - 00002020 ___SH () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop(17616).ini
2015-03-18 15:20 - 2014-05-30 12:22 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Windows Live
2015-03-18 12:52 - 2014-10-26 16:17 - 00000000 ____D () C:\EEK
2015-03-18 10:41 - 2009-12-20 13:52 - 00007100 _____ () C:\Users\Kelly\Desktop\folder_fix_w7.reg
2015-03-17 09:48 - 2009-08-28 07:09 - 01300280 _____ () C:\Windows\PFRO.log
2015-03-15 18:16 - 2009-08-28 07:29 - 00000000 ____D () C:\Windows\Panther
2015-03-15 14:57 - 2014-12-16 10:55 - 00002288 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-03-15 14:57 - 2014-12-16 10:55 - 00002288 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2015-03-14 23:06 - 2014-07-24 16:16 - 00008704 _____ () C:\Users\Kelly\Documents\email.wps
2015-03-13 22:21 - 2014-07-12 12:10 - 00000000 ____D () C:\Users\Kelly\.gimp-2.8
2015-03-04 21:18 - 2015-01-14 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-04 21:08 - 2015-01-14 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 16:26 - 2014-08-02 17:03 - 00012288 _____ () C:\Users\Kelly\Documents\capital one.wps
2015-03-03 16:22 - 2015-01-30 12:33 - 00250368 _____ () C:\Users\Kelly\Documents\CTS receipt january 30 2015.wps
2015-03-03 16:21 - 2014-07-05 20:28 - 00010752 _____ () C:\Users\Kelly\Documents\credit one bank.wps
2015-02-24 04:17 - 2014-05-25 22:31 - 00295552 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 17:35 - 2015-01-14 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2009-07-14 00:54 - 2009-07-14 00:54 - 0000174 ___SH () C:\Program Files\desktop(17580).ini
2015-03-16 16:31 - 2015-03-16 16:31 - 34592048 _____ (Any-Video-Converter.com                                     ) C:\Program Files (x86)\avc-free.exe
2009-07-14 00:54 - 2009-07-14 00:54 - 0000174 ___SH () C:\Program Files (x86)\desktop(17485).ini
2014-12-14 18:59 - 2014-12-12 14:33 - 53303296 _____ () C:\Program Files (x86)\Silverlight.msp
2015-03-18 12:14 - 2015-03-21 15:31 - 0000334 _____ () C:\Users\Kelly\AppData\Roaming\wklnhst.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 11:20

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kelly at 2015-03-21 15:56:36
Running from C:\Users\Kelly\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Convert VOB to AVI (HKLM-x32\...\{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1) (Version:  - www.convertvobtoavi.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
FotoSketcher 2.85 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Gateway Incorporated)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.56 - Conexant Systems)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Gateway)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.46.715 - Chicony Electronics Co.,Ltd.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

30-01-2015 21:22:48 avast! antivirus system restore point
07-02-2015 16:58:25 Scheduled Checkpoint
11-02-2015 11:31:41 Restore Operation
11-02-2015 11:44:30 avast! antivirus system restore point
15-02-2015 11:33:31 Restore Operation
15-02-2015 11:48:38 avast! antivirus system restore point
20-02-2015 16:22:42 avast! antivirus system restore point
20-02-2015 18:40:23 avast! antivirus system restore point
20-02-2015 19:22:36 avast! antivirus system restore point
21-02-2015 11:51:25 avast! antivirus system restore point
22-02-2015 16:00:23 Installed Process Blocker 1.0.12.0
22-02-2015 16:48:54 AA11
22-02-2015 16:57:56 Restore Operation
22-02-2015 17:55:58 AA11
28-02-2015 21:06:20 Restore Operation
02-03-2015 11:48:30 AA11
04-03-2015 13:22:27 Restore Operation
07-03-2015 18:14:58 Windows Update
08-03-2015 14:45:13 Windows Update
08-03-2015 16:50:48 Installed DirectX
08-03-2015 16:51:15 Installed DirectX
08-03-2015 16:51:45 Installed DirectX
08-03-2015 20:58:50 Windows Live Essentials
08-03-2015 20:59:16 WLSetup
09-03-2015 20:11:42 Restore Operation
09-03-2015 23:58:49 avast! antivirus system restore point
12-03-2015 07:19:55 Windows Update
14-03-2015 10:44:42 Restore Operation
15-03-2015 16:23:49 Installed Should I Remove It
15-03-2015 16:42:56 avast! antivirus system restore point
17-03-2015 08:55:56 Windows Update
17-03-2015 09:23:11 Installed Free VOB To AVI Converter
18-03-2015 10:24:44 Removed Should I Remove It
19-03-2015 20:30:51 Restore Operation
20-03-2015 00:39:23 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-06-24 20:24 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E5FADD6-5ACE-4E38-BDC8-5CF9B10BAEE5} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {2CE189EC-2FEE-4E20-AE93-1E14A2F1E6D4} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
Task: {6E2B8484-9A71-47C9-BB8E-A21FC4A3CEFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {9E3ECC7B-242E-47F1-ACED-F53943DEBE87} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
Task: {ECA6F6FD-7AA1-4EB1-A695-8E4688841254} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Greg_Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files (x86)\Video Web Camera\traybar.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1519497777-177528772-3543348537-500 - Administrator - Enabled)
Guest (S-1-5-21-1519497777-177528772-3543348537-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1519497777-177528772-3543348537-1002 - Limited - Enabled)
Kelly (S-1-5-21-1519497777-177528772-3543348537-1001 - Administrator - Enabled) => C:\Users\Kelly

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2015 03:41:27 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

Error: (03/21/2015 03:41:27 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

Error: (03/21/2015 03:41:27 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

Error: (03/21/2015 03:41:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/21/2015 03:41:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

Error: (03/21/2015 03:38:16 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

Error: (03/21/2015 03:38:16 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

Error: (03/21/2015 03:38:16 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

Error: (03/21/2015 03:38:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/21/2015 03:38:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Access is denied.  (HRESULT : 0x80070005) (0x80070005)

System errors:
=============
Error: (03/21/2015 03:41:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 8 time(s).

Error: (03/21/2015 03:41:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%5

Error: (03/21/2015 03:38:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).

Error: (03/21/2015 03:38:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%5

Error: (03/21/2015 03:37:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).

Error: (03/21/2015 03:37:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%5

Error: (03/21/2015 01:30:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (03/21/2015 01:30:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%5

Error: (03/21/2015 00:14:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (03/21/2015 00:14:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%5

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-30 13:01:33.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-30 13:01:33.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-29 18:10:33.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 16:16:24.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 16:16:24.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 4025.98 MB
Available physical RAM: 2669.29 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 6673.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:453.66 GB) (Free:230.05 GB) NTFS
Drive d: (DVD_CAMERA) (CDROM) (Total:1.32 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:14.83 GB) (Free:12.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C170412A)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

Advertisements

#2
Essexboy
Posted 22 March 2015 - 06:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, my initial reaction would be to re-install windows. Do you have a windows CD

There is no guarantee that this can be repaired, so all we can do is try



CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
2015-03-15 16:24 - 2015-03-18 10:25 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-03-15 16:20 - 2015-03-20 18:31 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2015-03-15 16:20 - 2015-03-15 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-03-15 16:20 - 2015-03-15 18:58 - 00000000 ____D () C:\Program Files (x86)\TweakBit
2015-03-20 00:37 - 2015-01-27 23:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-19 23:18 - 2015-01-28 00:01 - 00000000 ____D () C:\Program Files\AVAST Software
Task: {0E5FADD6-5ACE-4E38-BDC8-5CF9B10BAEE5} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {2CE189EC-2FEE-4E20-AE93-1E14A2F1E6D4} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater ?n logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
Task: {9E3ECC7B-242E-47F1-ACED-F53943DEBE87} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
C:\Program Files (x86)\File Type Assistant
C:\Program Files (x86)\TweakBit
C:\ProgramData\Norton
C:\Program Files\Lavasoft
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme

Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop

waioprescan.JPG

Next select Step 5 and back up the registry

waioregback.JPG

Open the Repairs tab

waioopenrep.JPG

Select the following repair numbers :

1 to 27

Set the system to reboot on completion
The press Start Repairs

waiorepair.JPG
  • 0

#3
tink0303
Posted 22 March 2015 - 10:14 AM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi. Thank you for helping. I do not have a Windows CD. I will go ahead and get started on all of these steps. Hope it works!


  • 0

#4
tink0303
Posted 22 March 2015 - 11:01 AM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I'm having trouble with the 2nd step that tells me to save this as fixlist.txt. The directions say:  Save this as fixlist.txt, in the same location as FRST.exe. Run FRST and press Fix. On completion a log will be generated please post that. There is a blue picture with the FRST64 logo inside it and a lined paper with fixlist underneath. How do I access that?


  • 0

#5
Essexboy
Posted 22 March 2015 - 11:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what make and model your computer is please

The FRST programme should be on your desktop, if it is not then please place it there (the programme not a shortcut) then download the attached fixlist.txt to the desktop and then start FRST and press fix

[attachment=76155:fixlist.txt]
  • 0

#6
tink0303
Posted 22 March 2015 - 11:48 AM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi. It's a Gateway NV78. Thank you for resending.


  • 0

#7
Essexboy
Posted 22 March 2015 - 12:12 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK having a look at the manual now
  • 0

#8
tink0303
Posted 22 March 2015 - 12:19 PM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

My FRST.exe is on my desktop. I saved the fixlist.txt to my desktop too, but nothing happens when I try and run the fix. My computer doesn't work normal at all. How can I get the fix to go into the FRST program?


  • 0

#9
tink0303
Posted 22 March 2015 - 01:25 PM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I attached the fixlist to the FRST.exe and clicked fix. It completed and restarted my computer. You say a log was generated that I should post? Where is that log and what is it called?


  • 0

#10
Essexboy
Posted 22 March 2015 - 02:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should be in the same location as FRST and called fixlog.txt
  • 0

Advertisements

#11
tink0303
Posted 22 March 2015 - 03:51 PM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Kelly at 2015-03-22 15:10:42 Run:1
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available profiles: Kelly)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
2015-03-15 16:24 - 2015-03-18 10:25 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-03-15 16:20 - 2015-03-20 18:31 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2015-03-15 16:20 - 2015-03-15 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-03-15 16:20 - 2015-03-15 18:58 - 00000000 ____D () C:\Program Files (x86)\TweakBit
2015-03-20 00:37 - 2015-01-27 23:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-19 23:18 - 2015-01-28 00:01 - 00000000 ____D () C:\Program Files\AVAST Software
Task: {0E5FADD6-5ACE-4E38-BDC8-5CF9B10BAEE5} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {2CE189EC-2FEE-4E20-AE93-1E14A2F1E6D4} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater ?n logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
Task: {9E3ECC7B-242E-47F1-ACED-F53943DEBE87} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
C:\Program Files (x86)\File Type Assistant
C:\Program Files (x86)\TweakBit
C:\ProgramData\Norton
C:\Program Files\Lavasoft
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value deleted successfully.
LavasoftAdAwareService11 => Service deleted successfully.
Trufos => Service deleted successfully.
C:\Windows\SysWOW64\AI_RecycleBin => Moved successfully.
C:\Windows\System32\Tasks\TweakBit => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit => Moved successfully.
C:\Program Files (x86)\TweakBit => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
C:\Program Files\AVAST Software => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E5FADD6-5ACE-4E38-BDC8-5CF9B10BAEE5}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E5FADD6-5ACE-4E38-BDC8-5CF9B10BAEE5}" => Key Deleted successfully.
C:\Windows\System32\Tasks\ProgramRefresh-ATFST => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2CE189EC-2FEE-4E20-AE93-1E14A2F1E6D4}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CE189EC-2FEE-4E20-AE93-1E14A2F1E6D4}" => Key Deleted successfully.
C:\Windows\System32\Tasks\TweakBit\Driver Updater\Start Driver Updater ?n logon not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\Driver Updater\Start Driver Updater ?n logon => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E3ECC7B-242E-47F1-ACED-F53943DEBE87}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E3ECC7B-242E-47F1-ACED-F53943DEBE87}" => Key Deleted successfully.
C:\Windows\System32\Tasks\ProgramUpdateCheck => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => Key Deleted successfully.
"C:\Program Files (x86)\File Type Assistant" => File/Directory not found.
"C:\Program Files (x86)\TweakBit" => File/Directory not found.
"C:\ProgramData\Norton" => File/Directory not found.
C:\Program Files\Lavasoft => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {D462FEBD-BB1A-483B-BE63-13F7FED2860C}.
{AF81E3FF-C894-49CC-A7AF-F64D6C4D0B9F} canceled.
{9273096F-EB60-4EC8-9924-226C127605C5} canceled.
{4325743E-9DE3-4C14-9460-BE3D948A8857} canceled.
{DD974703-081A-4F19-A8E7-B65AE04FBE9D} canceled.
{7596E348-281E-4071-9621-AC1CA7437C4E} canceled.
{2E775A2B-0590-4341-B3B4-4AFFE506B513} canceled.
{6A01AFEF-5D21-413C-AF98-9AA1E80662F4} canceled.
{D3355A12-EF23-47C3-90FE-5DE7EA89EF6D} canceled.
{3AB95A5D-7F7B-4EE4-B2C9-A7D6E2D9B200} canceled.
9 out of 10 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 15:13:51 ====

 

I also finished running Tweaking.com. Are there results from that somewhere that you want to see?


  • 0

#12
Essexboy
Posted 22 March 2015 - 04:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just the pre run scan please. Is there any improvement in the system
  • 0

#13
tink0303
Posted 22 March 2015 - 05:31 PM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

To check if it was any better, I put a mini DVD in the disc drive and checked the properties. I've been trying to load this video of my kids for a while now and it won't let me. When I looked at the properties for one of the files that's in it, the box that comes up only has 2 tabs, General and Details. Under the details tab, it shows Everyone as the owner. Also, I did a screenshot and then typed paint in the start search. When Paint comes up, it says Paint (17611). Not sure what that number is for. So, I'm thinking it's not much better.


  • 0

#14
tink0303
Posted 23 March 2015 - 06:52 AM

tink0303

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

What do I do now?


  • 0

#15
Essexboy
Posted 23 March 2015 - 09:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK first thing to do is determine whether the recovery partition is available

1 Click (Start), All Programs, Gateway, then click Gateway Recovery Management.
2.Gateway Recovery Management opens.

Go no further at this stage just let me know if that menu opens
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: permissions, corrupt, slow running computer

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP