Satchfan,
You have my undying gratitude for taking the time to help me with this. I had no problem following your instructions, which means they were super clear. I am posting the results below.
Thank you!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Beth (administrator) on BETH-LAPTOP on 10-06-2015 08:36:59
Running from C:\Users\Beth\Desktop
Loaded Profiles: Beth (Available Profiles: Beth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
() C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Synaptics Incorporated) C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-02-06] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-02-06] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-06] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\MountPoints2: {308f75a9-f148-11e1-acd0-f0def1c749ec} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\MountPoints2: {ee1ea08e-7785-11e2-82a2-00027239c062} - F:\VerizonSWUpgradeAssistantLauncher.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-13]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk [2012-06-15]
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-02-06] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie
HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Beth\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.42.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\npMotive.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-06-09]
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
Chrome:
=======
CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-04-01]
CHR Extension: (Google Calendar) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-04-01]
CHR Extension: (Bookmark Manager) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-28]
CHR Extension: (Google Wallet) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
CHR Extension: (Google Docs) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
CHR Extension: (Google Drive) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]
CHR Extension: (YouTube) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]
CHR Extension: (Google Search) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]
CHR Extension: (Google Sheets) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
CHR Extension: (Bookmark Manager) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-08]
CHR Extension: (Google Wallet) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]
CHR Extension: (Gmail) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-12-15] (Advanced Micro Devices, Inc.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RaMediaServer; C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [454656 2010-05-19] () [File not signed]
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-06-08] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-06-01] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-06-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-06-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150609.002\IDSvia64.sys [684248 2015-06-05] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.001\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.001\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetdiag2; system32\DRIVERS\lgvzandnetdiag264.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-10 08:36 - 2015-06-10 08:37 - 00024405 _____ C:\Users\Beth\Desktop\FRST.txt
2015-06-10 08:36 - 2015-06-10 08:37 - 00000000 ____D C:\FRST
2015-06-10 08:35 - 2015-06-10 08:35 - 02108928 _____ (Farbar) C:\Users\Beth\Desktop\frst64.exe
2015-06-09 18:09 - 2015-06-09 18:09 - 00000000 ____D C:\Users\Beth\AppData\Roaming\java
2015-06-09 18:09 - 2015-06-09 18:09 - 00000000 ____D C:\Users\Beth\AppData\Roaming\.minecraft
2015-06-09 18:01 - 2015-06-09 18:08 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-06-09 18:01 - 2015-06-09 18:01 - 00000961 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-06-09 18:01 - 2015-06-09 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-06-09 17:52 - 2015-06-09 17:52 - 00000184 _____ C:\Users\Beth\Downloads\eula.txt
2015-06-09 17:52 - 2015-06-09 17:52 - 00000061 _____ C:\Users\Beth\Downloads\server.properties
2015-06-09 17:50 - 2015-06-09 17:50 - 02314240 _____ C:\Users\Beth\Downloads\MinecraftInstaller.msi
2015-06-09 17:47 - 2015-06-09 17:47 - 10174886 _____ C:\Users\Beth\Downloads\minecraft_server.1.8.7.exe
2015-06-09 17:39 - 2015-06-09 17:39 - 00000000 ____D C:\Users\Beth\AppData\Local\GWX
2015-06-09 17:37 - 2015-06-09 17:37 - 00000056 _____ C:\windows\setupact.log
2015-06-09 17:37 - 2015-06-09 17:37 - 00000000 _____ C:\windows\setuperr.log
2015-06-08 23:53 - 2015-06-08 23:53 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-06-08 23:53 - 2015-06-08 23:53 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-08 23:53 - 2015-06-08 23:53 - 00000000 ____D C:\Program Files\CCleaner
2015-06-08 23:52 - 2015-06-08 23:52 - 06549184 _____ (Piriform Ltd) C:\Users\Beth\Downloads\ccsetup506.exe
2015-06-08 23:51 - 2015-06-08 23:51 - 00001023 _____ C:\Users\Public\Desktop\Unchecky.lnk
2015-06-08 23:51 - 2015-06-08 23:51 - 00000000 ____D C:\ProgramData\Unchecky
2015-06-08 23:51 - 2015-06-08 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-06-08 23:51 - 2015-06-08 23:51 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-06-08 23:49 - 2015-06-08 23:49 - 01142616 _____ (RaMMicHaeL) C:\Users\Beth\Downloads\unchecky_setup.exe
2015-06-08 23:49 - 2015-06-08 23:49 - 01142616 _____ (RaMMicHaeL) C:\Users\Beth\Downloads\unchecky_setup (1).exe
2015-06-08 22:48 - 2015-06-08 22:48 - 00000000 ____D C:\windows\pss
2015-06-08 21:53 - 2015-06-08 21:53 - 00003192 _____ C:\windows\System32\Tasks\IHUninstallTrackingTASK
2015-06-08 21:52 - 2015-06-08 21:52 - 00003192 _____ C:\windows\System32\Tasks\IHSelfDeleteTASK
2015-06-08 21:52 - 2015-06-08 21:52 - 00000000 ____D C:\ProgramData\Motive
2015-06-08 20:59 - 2015-06-08 20:59 - 00001086 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Users\Beth\AppData\Roaming\OpenCandy
2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Users\Beth\AppData\Local\IsolatedStorage
2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2015-06-08 20:58 - 2015-06-08 20:58 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Beth\Downloads\KeyFinderInstaller.exe
2015-06-08 20:24 - 2015-06-08 20:24 - 02721168 _____ (Microsoft Corporation) C:\Users\Beth\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-06-08 18:31 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-08 18:31 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-08 18:31 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-08 18:31 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-08 18:31 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-08 18:31 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-08 18:31 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-08 18:31 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-05-14 07:28 - 2015-05-14 07:28 - 00000000 ____D C:\Users\Beth\Documents\Bluetooth Exchange Folder
2015-05-14 03:05 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:05 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:01 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-14 00:01 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-14 00:01 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-14 00:01 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-14 00:01 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-14 00:01 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-14 00:00 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-14 00:00 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-14 00:00 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-14 00:00 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-14 00:00 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-14 00:00 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-14 00:00 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-14 00:00 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-14 00:00 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-14 00:00 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-14 00:00 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-14 00:00 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-14 00:00 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-14 00:00 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-14 00:00 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-14 00:00 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-14 00:00 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-14 00:00 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-14 00:00 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-14 00:00 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-14 00:00 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-14 00:00 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-14 00:00 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-14 00:00 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-14 00:00 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-14 00:00 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-14 00:00 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-14 00:00 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-14 00:00 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-14 00:00 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-14 00:00 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-14 00:00 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 00:00 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 00:00 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-14 00:00 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-14 00:00 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-14 00:00 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-14 00:00 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-14 00:00 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-14 00:00 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-14 00:00 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-14 00:00 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-14 00:00 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-14 00:00 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-14 00:00 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-14 00:00 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-14 00:00 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-14 00:00 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-14 00:00 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-14 00:00 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-14 00:00 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-14 00:00 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-14 00:00 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-14 00:00 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-14 00:00 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-14 00:00 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-14 00:00 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 00:00 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-14 00:00 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-14 00:00 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-14 00:00 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-14 00:00 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-14 00:00 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-14 00:00 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-14 00:00 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-14 00:00 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-14 00:00 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-14 00:00 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-14 00:00 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-14 00:00 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-14 00:00 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-14 00:00 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-14 00:00 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-14 00:00 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-14 00:00 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-14 00:00 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-14 00:00 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-14 00:00 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 00:00 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-14 00:00 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-14 00:00 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-14 00:00 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-14 00:00 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-14 00:00 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-14 00:00 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-14 00:00 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-14 00:00 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-14 00:00 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-14 00:00 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-14 00:00 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-14 00:00 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-14 00:00 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-14 00:00 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-14 00:00 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 23:59 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 23:59 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 23:59 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 23:59 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 23:59 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 23:59 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 23:59 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-13 23:59 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-13 23:59 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-13 23:49 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 23:49 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 23:49 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 23:49 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-13 23:49 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-13 23:49 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-13 23:49 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-10 08:29 - 2012-12-31 19:28 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-10 08:29 - 2012-02-06 15:00 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 08:29 - 2012-02-06 14:48 - 01201092 _____ C:\FaceProv.log
2015-06-10 08:29 - 2012-02-06 14:22 - 01814821 _____ C:\windows\WindowsUpdate.log
2015-06-09 18:44 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 18:44 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 17:42 - 2009-07-14 01:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-09 17:39 - 2012-02-06 15:00 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-09 17:39 - 2012-02-06 14:50 - 00742542 _____ C:\windows\system32\fastboot.set
2015-06-09 17:38 - 2012-02-06 14:48 - 00000000 ____D C:\ProgramData\VeriFace
2015-06-09 17:37 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-09 00:03 - 2012-06-08 11:47 - 00000000 ____D C:\Users\Beth\AppData\Local\CrashDumps
2015-06-09 00:03 - 2011-02-22 07:19 - 00000000 ____D C:\windows\Panther
2015-06-08 23:42 - 2012-05-17 19:50 - 00000000 ____D C:\Users\Beth\AppData\Local\Google
2015-06-08 23:02 - 2012-05-17 19:49 - 00112104 _____ C:\Users\Beth\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 22:59 - 2009-07-14 00:45 - 00412424 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-08 22:57 - 2012-08-24 11:07 - 00010582 _____ C:\ProgramData\hpzinstall.log
2015-06-08 22:53 - 2012-08-24 11:06 - 00000000 ____D C:\ProgramData\HP
2015-06-08 22:52 - 2012-08-24 11:09 - 00000000 ____D C:\Program Files (x86)\HP
2015-06-08 22:50 - 2012-08-24 11:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-06-08 22:44 - 2013-11-04 16:14 - 00000000 ____D C:\Program Files\Paint.NET
2015-06-08 21:52 - 2014-03-20 17:09 - 00000000 ____D C:\Program Files (x86)\ATT
2015-06-08 21:52 - 2013-07-12 17:11 - 00000000 ____D C:\Users\Beth\AppData\Local\Deployment
2015-06-08 21:51 - 2013-07-12 17:13 - 00000000 ____D C:\Users\Beth\AppData\Local\Amazon Cloud Drive
2015-06-08 21:50 - 2014-07-23 23:15 - 00000000 ____D C:\Program Files\Digital Copy
2015-06-08 21:49 - 2012-06-15 21:04 - 00000000 ____D C:\ProgramData\Apple
2015-06-08 21:41 - 2012-06-20 19:18 - 00000000 ____D C:\Users\Beth\AppData\Roaming\Dropbox
2015-06-08 19:00 - 2012-06-20 19:20 - 00000000 ___RD C:\Users\Beth\Dropbox
2015-06-08 18:51 - 2014-12-11 10:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-08 18:51 - 2014-05-04 12:33 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-08 18:45 - 2015-04-07 08:15 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-06-08 18:45 - 2015-04-07 08:15 - 00000000 ___SD C:\windows\system32\GWX
2015-05-16 12:56 - 2012-02-06 15:00 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 12:56 - 2012-02-06 15:00 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 04:48 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-05-14 03:57 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:57 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:54 - 2011-09-28 23:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:54 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-14 03:34 - 2012-05-30 17:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-14 03:29 - 2014-06-04 18:15 - 00000000 ____D C:\windows\system32\MRT
2015-05-14 03:12 - 2014-06-04 18:15 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-14 03:05 - 2013-03-13 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 23:09 - 2014-09-09 22:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
==================== Files in the root of some directories =======
2012-06-28 10:19 - 2012-06-28 16:35 - 0006144 _____ () C:\Users\Beth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-24 11:07 - 2015-06-08 22:57 - 0010582 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Beth\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx__4cw.dll
C:\Users\Beth\AppData\Local\Temp\IHU323A.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 00:59
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Beth at 2015-06-10 08:38:04
Running from C:\Users\Beth\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4225998983-3709521534-2982131043-500 - Administrator - Disabled)
Beth (S-1-5-21-4225998983-3709521534-2982131043-1002 - Administrator - Enabled) => C:\Users\Beth
Guest (S-1-5-21-4225998983-3709521534-2982131043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4225998983-3709521534-2982131043-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
AMD Catalyst Install Manager (HKLM\...\{2EA6DD00-92B2-DC34-9447-EFCDBE46236B}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.36 - Ralink)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6358 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SRS Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0900 - SRS Labs, Inc.)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFF 1.4.2 (HKLM-x32\...\WinFF_is1) (Version: - WinFF.org)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
08-06-2015 18:44:09 Windows Update
08-06-2015 21:42:29 Removed Google Talk Plugin
08-06-2015 21:44:15 Removed HP Update.
08-06-2015 21:46:50 Removed Apple Mobile Device Support
08-06-2015 21:48:34 Removed Apple Application Support
08-06-2015 21:50:14 Removed Amazon Music Importer
08-06-2015 22:43:23 Removed Paint.NET v3.5.11
08-06-2015 23:04:17 Removed LG Verizon United Drivers.
08-06-2015 23:19:01 Removed Apple Software Update
08-06-2015 23:28:24 Removed Apple Software Update
09-06-2015 17:57:04 Installed Minecraft
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2015-06-09 17:37 - 00001993 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09FCE31B-B7A7-4E02-9299-20871A51FB67} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {12E8BD40-23E7-4E1A-9393-00F51908FD7F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {200AE3C0-F28F-4A22-88A3-787894415B4D} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {3A56107B-26E5-4653-989A-50FC35505411} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {4629B2A9-3528-42D0-8F85-839DD6238490} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {5DC388E0-5ABB-46CC-99B4-E3DFE84F8ECD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {623834D9-5A27-40BA-9709-F5E46FC6DDAB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {75C8FD91-F67F-40B6-B73B-010ADCD397F2} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {7FCA1010-422C-4A55-B112-275E5CF8B7CE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {932C62E4-48FC-4473-B876-2180777D3C16} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {9562456F-AA20-49E8-A9E1-E74120C79CE0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {B0276214-5E8B-42DC-8AA9-0A1E128DBB19} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {CD2245D6-7422-4822-ACD5-7A8E780772A7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D760E403-075E-4D23-BE7B-953BDE2D20D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {E36164C1-A48D-4A49-8A4E-A50295EC449F} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-23] (Microsoft Corporation)
Task: {EC0B37DF-AF40-4882-A9A9-FA4BC0302DFA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F177D72C-9D96-4985-B5D7-3BD73C5829BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F9F3DDFF-08EF-4388-845B-47A7B7F15F85} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2011-12-15 05:05 - 2011-12-15 05:05 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-02-06 14:32 - 2010-05-19 06:43 - 00454656 _____ () C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe
2011-02-16 13:56 - 2011-02-16 13:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-02-16 14:01 - 2011-02-16 14:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-02-06 14:48 - 2012-02-06 14:48 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-02-06 14:48 - 2012-02-06 14:48 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2011-07-04 01:58 - 2011-03-31 19:29 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2008-12-19 23:20 - 2012-02-06 15:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2012-02-06 15:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-02-06 14:51 - 2012-02-06 14:51 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2011-12-15 05:04 - 2011-12-15 05:04 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-11-09 05:55 - 2011-11-09 05:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-15 05:11 - 2011-12-15 05:11 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-02-16 13:51 - 2011-02-16 13:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-02-16 13:53 - 2011-02-16 13:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-06-15 13:06 - 2011-03-31 19:29 - 00066856 _____ () C:\windows\SysWOW64\SynTPEnhPS.dll
2012-02-06 14:48 - 2012-02-06 14:48 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-06-08 18:32 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-06-08 18:32 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.42.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: BYRUA_AGENT => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Beth\AppData\Roaming\Smilebox\SmileboxTray.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4049F04D-C0F6-46E5-B0D5-A663D0995A3A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{552FD3DF-1D93-46E9-93F9-E5E7608C7AEB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{64045B83-A53F-46CD-989D-176D0CC48944}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F99C2E4B-2A71-457E-BA07-E9E46A58E4DF}] => (Allow) LPort=2869
FirewallRules: [{4B4DB879-208D-4314-A242-DE52D38F51C4}] => (Allow) LPort=1900
FirewallRules: [{CC5B8D3B-AC27-4D34-B375-E9037A536B00}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A4BE72AF-E433-41DB-8BAE-78CCCC9BBD5C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A484F45A-D471-4870-B148-9CB10B6B27E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{EAB37D0A-1683-4A4B-AD7A-4833B0BAB04B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{837FD3B5-E19E-442B-AD0C-BA4A4558106F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{12B512FA-5D20-4058-910D-2F4D097D236D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{CC2D7107-988E-4923-9E17-3E68BAD6E37A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{CCC0C064-9428-404A-865D-107A219FE1DC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C32356FD-8A79-4CF9-9902-9D36E5CA884D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4A72C653-2512-4BF2-A40A-E345D46F65AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E9450FBB-6AFE-41E7-8BF7-0C449FB785BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{B3B9B754-B355-495F-A21A-3635F3E47984}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{EE4C8A97-F2DF-4DDA-8A3F-4BC17E682E78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{F7D2B3E8-7E26-4612-B02B-76AA958F5149}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{901FBBE7-00E6-4801-AE16-5C0E04A7DEC8}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{ED33270B-F08D-4382-A994-85EA8A25E5AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{505AFC09-9A7E-4F8C-82B3-9642E8154D90}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{2D861EDF-0DB0-4D76-BABE-A17A70D84F7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{83F60E58-BC3D-4DFB-BDBD-6FF1CFB30BBD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{08C0FA45-B5B6-4D90-94C0-9AEB60A45AFA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{8C598D32-3BA1-4DD3-841E-20AE5DB8ED42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{29EE2281-8F3D-4538-97D8-3F3DAF86E889}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E3796465-F746-4B8F-AB6F-1F77A7B8C85B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{2A9EC455-6A29-42DE-A957-9D4FA8E8C835}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{955F0332-AABA-43D8-9684-65BD1431BBE6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{1193E114-8A53-4456-98EE-19F29B60DC89}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{51216167-F5FB-4449-B71D-5DC2B4C3065F}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [TCP Query User{DA7AB81C-AB61-4DF1-BCB9-EB6027B3C777}C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{96255355-908A-4010-9918-92F8359E99A8}C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F57C1EA1-C396-4597-8CB4-884DB12E5327}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/09/2015 05:57:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {1a044959-ff81-41ba-87c2-cbeb44319078}
Error: (06/09/2015 05:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 11:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 11:28:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {d7f26658-84d3-48e3-8ceb-c3e4552b2116}
Error: (06/08/2015 11:19:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {50d86aa9-fede-42b2-be15-4a73c3956e93}
Error: (06/08/2015 11:04:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {4c0c42cc-58fd-41b9-95eb-5de9ddef86ec}
Error: (06/08/2015 11:00:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 10:43:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {9e005eb4-f8e8-48f9-8cbe-c138bbf6091d}
Error: (06/08/2015 10:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 09:50:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {912410bf-b184-4d21-8a77-4af9be2848db}
System errors:
=============
Error: (06/10/2015 05:01:21 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
Error: (06/10/2015 05:01:21 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
Error: (06/09/2015 09:12:47 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer BETHLAPTOP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ECD416B-FB63-45FB-8BF1-DFCDF0871B78}.
The master browser is stopping or an election is being forced.
Error: (06/09/2015 07:41:17 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Ralink UPnP Media Server service has reported an invalid current state 0.
Error: (06/09/2015 07:41:15 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Ralink UPnP Media Server service has reported an invalid current state 0.
Error: (06/09/2015 05:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (06/09/2015 00:10:04 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Ralink UPnP Media Server service has reported an invalid current state 0.
Error: (06/08/2015 11:42:33 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.
Error: (06/08/2015 11:39:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (06/08/2015 11:38:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Ralink UPnP Media Server service has reported an invalid current state 0.
Microsoft Office:
=========================
Error: (06/09/2015 05:57:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {1a044959-ff81-41ba-87c2-cbeb44319078}
Error: (06/09/2015 05:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 11:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 11:28:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {d7f26658-84d3-48e3-8ceb-c3e4552b2116}
Error: (06/08/2015 11:19:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {50d86aa9-fede-42b2-be15-4a73c3956e93}
Error: (06/08/2015 11:04:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {4c0c42cc-58fd-41b9-95eb-5de9ddef86ec}
Error: (06/08/2015 11:00:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 10:43:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {9e005eb4-f8e8-48f9-8cbe-c138bbf6091d}
Error: (06/08/2015 10:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2015 09:50:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {912410bf-b184-4d21-8a77-4af9be2848db}
CodeIntegrity Errors:
===================================
Date: 2013-03-04 20:06:01.030
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-04 20:06:00.950
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-04 20:05:56.943
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-04 20:05:56.862
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A6-3420M APU with Radeon HD Graphics
Percentage of memory in use: 58%
Total physical RAM: 3558.11 MB
Available physical RAM: 1489.08 MB
Total Pagefile: 7114.43 MB
Available Pagefile: 4591.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:421.81 GB) (Free:366.15 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 866EDC07)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
==================== End of log ============================