Windows Indexing



#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Run VEW again for both System and Application and post the logs.
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

  • 0



#17
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

System Log

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 07/01/2016 8:38:59 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/01/2016 4:32:34 PM
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/01/2016 4:32:34 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2016 2:37:16 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 23 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:37:07 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:35:07 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 22 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:34:58 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:32:58 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 21 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:32:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 20 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:32:42 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 19 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:32:34 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:30:34 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 18 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:30:25 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:28:25 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 17 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:28:18 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:26:18 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 16 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:26:09 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 15 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:25:58 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:23:58 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:23:43 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:21:43 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
 
Log: 'System' Date/Time: 08/01/2016 2:21:30 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 2:19:30 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2016 2:01:01 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 08/01/2016 12:48:08 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 07/01/2016 8:50:48 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name recs.richrelevance.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/01/2016 7:10:16 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 07/01/2016 4:32:43 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 07/01/2016 3:45:07 PM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user MARTIN\Amy Martin to restart/shutdown computer MARTIN failed

Edited by A1RotNBrat, 07 January 2016 - 08:41 PM.

  • 0

#18
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

Application Log

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 07/01/2016 8:39:54 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2016 2:39:24 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022a3 Faulting process id: 0x156c Faulting application start time: 0x01d149bdc49e192b Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 06b1cf35-b5b1-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:37:16 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x000000000000272c Faulting process id: 0xf64 Faulting application start time: 0x01d149bd77b91681 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: baacea2f-b5b0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:35:07 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x000000000000272c Faulting process id: 0x19e0 Faulting application start time: 0x01d149bd2aa20ebb Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 6dc811d1-b5b0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:32:57 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x000000000004868e Faulting process id: 0x1970 Faulting application start time: 0x01d149bcddf329ab Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 208591cf-b5b0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:32:49 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x0000000000001f4a Faulting process id: 0x1950 Faulting application start time: 0x01d149bcd9742312 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 1b68b2d0-b5b0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:32:41 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x000000000000276c Faulting process id: 0x1934 Faulting application start time: 0x01d149bcd4f75571 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 16c7464e-b5b0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:30:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022a3 Faulting process id: 0xfe0 Faulting application start time: 0x01d149bc87f84a6e Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: caa3a937-b5af-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:28:24 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022de Faulting process id: 0x2f0 Faulting application start time: 0x01d149bc3c83c3a9 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 7dd71776-b5af-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:26:18 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022a3 Faulting process id: 0xf18 Faulting application start time: 0x01d149bbef3c2803 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 32941f05-b5af-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:26:08 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022a3 Faulting process id: 0x1004 Faulting application start time: 0x01d149bbe8ffd01f Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 2cbdc907-b5af-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:23:58 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x0000000000001f4a Faulting process id: 0x6c0 Faulting application start time: 0x01d149bb98849e9f Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: df104177-b5ae-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:21:43 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022de Faulting process id: 0x171c Faulting application start time: 0x01d149bb490e8812 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 8e94574b-b5ae-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:19:30 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x0000000000030c72 Faulting process id: 0x7a8 Faulting application start time: 0x01d149bafb7867d0 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 3f1598ee-b5ae-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:17:20 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x0000000000030dcb Faulting process id: 0xe98 Faulting application start time: 0x01d149baaf16b95a Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f189baa7-b5ad-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:16:53 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022de Faulting process id: 0x1140 Faulting application start time: 0x01d149ba9eccb444 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: e199b8bf-b5ad-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:16:38 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x0000000000030e5a Faulting process id: 0x11ec Faulting application start time: 0x01d149ba95f94122 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: d8abbac4-b5ad-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:14:29 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x000000000004868e Faulting process id: 0x1500 Faulting application start time: 0x01d149ba492f3a9e Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 8c0ce9f4-b5ad-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:12:20 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x0000000000001f4a Faulting process id: 0xc48 Faulting application start time: 0x01d149b9fb6310ed Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 3f3f1832-b5ad-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:10:10 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022a3 Faulting process id: 0x1760 Faulting application start time: 0x01d149b9ad56115a Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: f162d6be-b5ac-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 2:09:34 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: e90  Start Time: 01d149b8e469a448  Termination Time: 4294967295  Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe  Report Id: daec5d36-b5ac-11e5-bf7a-a8e85ff6dddf  Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt  Faulting package-relative application ID: App 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2016 1:09:40 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-3873701136-3596577701-2754614134-1001}/>.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
 
Log: 'Application' Date/Time: 08/01/2016 1:09:29 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 08/01/2016 12:51:39 AM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the PostShell method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "SENS Logon2 Subscription". The HRESULT was 80010002.

  • 0

#19
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Process CPU Private Bytes Working Set PID Verified Signer Description Company Name
System Idle Process 65.24 0 K 4 K 0
SearchIndexer.exe 19.00 11,872 K 13,744 K 6984 Microsoft Windows Search Indexer Microsoft Corporation
avp.exe 10.50 334,404 K 120,644 K 1640 Kaspersky Anti-Virus Kaspersky Lab ZAO
SearchIndexer.exe 5.39 11,116 K 12,636 K 3400 Microsoft Windows Search Indexer Microsoft Corporation
wermgr.exe 4.52 3,164 K 11,000 K 6784 Windows Problem Reporting Microsoft Corporation
procexp64.exe 4.29 24,556 K 54,008 K 6324 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System 1.22 19,544 K 1,264 K 4
svchost.exe 1.10 716 K 3,076 K 1556 Host Process for Windows Services Microsoft Corporation
OUTLOOK.EXE 1.03 79,744 K 133,460 K 4260 Microsoft Outlook Microsoft Corporation
svchost.exe 1.02 66,012 K 74,760 K 1036 Host Process for Windows Services Microsoft Corporation
Interrupts 0.94 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.75 26,604 K 24,804 K 68 Desktop Window Manager Microsoft Corporation
services.exe 0.49 3,316 K 6,860 K 844 Services and Controller app Microsoft Corporation
explorer.exe 0.48 92,824 K 142,292 K 2768 Windows Explorer Microsoft Corporation
avp.exe 0.40 50,248 K 8,936 K 5892 Kaspersky Anti-Virus Kaspersky Lab ZAO
svchost.exe 0.38 5,624 K 10,080 K 956 Host Process for Windows Services Microsoft Corporation
csrss.exe 0.34 2,348 K 36,088 K 756 Client Server Runtime Process Microsoft Corporation
chrome.exe 0.27 29,724 K 29,428 K 5320 Google Chrome Google Inc.
pcServiceHost.exe 0.27 11,352 K 10,444 K 2000 mcci+McciServiceHost Alcatel-Lucent
chrome.exe 0.25 201,088 K 265,456 K 5704 Google Chrome Google Inc.
svchost.exe 0.19 6,176 K 13,808 K 912 Host Process for Windows Services Microsoft Corporation
lsass.exe 0.18 5,016 K 12,628 K 852 Local Security Authority Process Microsoft Corporation
svchost.exe 0.16 17,972 K 25,788 K 532 Host Process for Windows Services Microsoft Corporation
svchost.exe 0.14 11,596 K 20,248 K 488 Host Process for Windows Services Microsoft Corporation
chrome.exe 0.11 61,732 K 105,780 K 4676 Google Chrome Google Inc.
csrss.exe 0.07 1,916 K 4,224 K 672 Client Server Runtime Process Microsoft Corporation
VESMgrSub.exe 0.05 3,636 K 11,272 K 2180 VAIO Control Center Sony Corporation
SkyDrive.exe 0.04 8,036 K 16,248 K 3100 OneDrive Sync Engine Microsoft Corporation
svchost.exe 0.04 38,920 K 49,872 K 688 Host Process for Windows Services Microsoft Corporation
LMS.exe 0.03 1,244 K 4,516 K 3296 Local Manageability Service Intel Corporation
chrome.exe 0.03 68,428 K 116,368 K 2876 Google Chrome Google Inc.
rpdsvc.exe 0.03 37,824 K 42,020 K 1372 RealPlayer Cloud Service RealNetworks, Inc.
taskhostex.exe 0.02 16,440 K 23,492 K 2776 Host Process for Windows Tasks Microsoft Corporation
svchost.exe 0.01 6,820 K 14,440 K 1184 Host Process for Windows Services Microsoft Corporation
svchost.exe 0.01 15,924 K 22,716 K 1348 Host Process for Windows Services Microsoft Corporation
VESMgrSub.exe 0.01 2,892 K 9,356 K 2172 VAIO Control Center Sony Corporation
AppleMobileDeviceService.exe < 0.01 2,908 K 9,604 K 1520 MobileDeviceService Apple Inc.
svchost.exe < 0.01 4,808 K 11,120 K 3060 Host Process for Windows Services Microsoft Corporation
FCUpdateService.exe < 0.01 956 K 5,032 K 1800 Foxit Cloud Safe Update Service Foxit Software Inc.
SynTPEnh.exe < 0.01 5,640 K 1,288 K 2816 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated
BtvStack.exe < 0.01 8,296 K 15,484 K 5252 Extension Core Qualcomm Atheros Commnucations
ZuneLauncher.exe 1,072 K 4,268 K 5492 Zune Auto-Launcher Microsoft Corporation
YahooAUService.exe 4,016 K 7,228 K 3488 AutoUpater Service Module Yahoo! Inc.
WUDFHost.exe 1,832 K 6,896 K 2356 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
WmiPrvSE.exe 1,960 K 5,780 K 4272 WMI Provider Host Microsoft Corporation
winlogon.exe 1,548 K 8,096 K 800 Windows Logon Application Microsoft Corporation
wininit.exe 792 K 3,840 K 740 Windows Start-Up Application Microsoft Corporation
VUAgent.exe 4,340 K 12,656 K 5812 VUAgent Sony Corporation
vim.exe 3,024 K 616 K 2032 VAIO Control Center (vim Module) Sony Corporation
vim.exe 3,316 K 740 K 4172 VAIO Control Center (vim Module) Sony Corporation
VESMgr.exe 2,008 K 6,372 K 2112 VAIO Control Center (Service Module) Sony Corporation
VAIOUpdt.exe 2,664 K 1,584 K 3448 VAIO Update Sony Corporation
UNS.exe 3,220 K 10,824 K 2228 User Notification Service Intel Corporation
SynTPHelper.exe 716 K 236 K 5296 Synaptics Pointing Device Helper Synaptics Incorporated
svchost.exe 4,228 K 12,824 K 1748 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,244 K 7,788 K 2052 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,424 K 4,828 K 4376 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 4,360 K 12,416 K 1320 Spooler SubSystem App Microsoft Corporation
smss.exe 280 K 1,004 K 408 Windows Session Manager Microsoft Corporation
SettingSyncHost.exe 5,472 K 3,104 K 3532 Host Process for Setting Synchronization Microsoft Corporation
rndlresolversvc.exe 1,032 K 3,976 K 1116
RIMBBLaunchAgent.exe 3,724 K 6,596 K 2344 Launch Agent Service Research In Motion Limited
RealPlayerUpdateSvc.exe 4,088 K 7,776 K 1204
RAVBg64.exe 4,048 K 9,212 K 5428 HD Audio Background Process Realtek Semiconductor
ProtectedObjectsSrv.exe 1,140 K 4,912 K 1708 InfoWatch CryptoStorage Protected objects controller service Infowatch
procexp.exe 2,304 K 7,868 K 4280 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PresentationFontCache.exe 24,964 K 15,636 K 4004 PresentationFontCache.exe Microsoft Corporation
PMBVolumeWatcher.exe 4,140 K 11,928 K 2792 Media Check Tool Sony Corporation
PMBDeviceInfoProvider.exe 1,144 K 4,632 K 2044 Device Information Provider Sony Corporation
pcCMService.exe 1,392 K 6,076 K 1908 mcci+McciCMService Alcatel-Lucent
pcCMService.exe 1,340 K 5,884 K 1972 mcci+McciCMService Alcatel-Lucent
OSPPSVC.EXE 3,644 K 11,924 K 940 Microsoft Office Software Protection Platform Service Microsoft Corporation
NetworkClient.exe 2,572 K 804 K 2140 VAIO Control Center (Network Setting Client) Sony Corporation
mDNSResponder.exe 1,432 K 4,880 K 1688 Bonjour Service Apple Inc.
jusched.exe 1,268 K 5,308 K 5932 Java Update Scheduler Oracle Corporation
Jhi_service.exe 1,048 K 4,516 K 1856 Intel® Dynamic Application Loader Host Interface Intel Corporation
ISBMgr.exe 1,900 K 8,168 K 5728 ISB Utility Sony Corporation
IntelMeFWService.exe 820 K 3,712 K 2764 Intel® ME Service Intel Corporation
igfxTray.exe 12,616 K 17,996 K 1028 igfxTray Module Intel Corporation
igfxHK.exe 5,004 K 10,120 K 2348 igfxHK Module Intel Corporation
igfxEM.exe 7,220 K 13,216 K 3420 igfxEM Module Intel Corporation
igfxCUIService.exe 1,496 K 6,208 K 988 igfxCUIService Module Intel Corporation
HeciServer.exe 1,208 K 5,168 K 1828 Intel® Capability Licensing Service Interface Intel® Corporation
GWX.exe 3,544 K 828 K 3908 GWX Microsoft Corporation
GoogleCrashHandler64.exe 1,284 K 256 K 2980 Google Crash Handler Google Inc.
GoogleCrashHandler.exe 1,356 K 236 K 2972 Google Crash Handler Google Inc.
dllhost.exe 1,728 K 6,944 K 2328 COM Surrogate Microsoft Corporation
dllhost.exe 2,508 K 7,796 K 5864 COM Surrogate Microsoft Corporation
dasHost.exe 3,064 K 9,764 K 4868 Device Association Framework Provider Host Microsoft Corporation
chrome.exe 60,396 K 68,388 K 4292 Google Chrome Google Inc.
chrome.exe 24,884 K 22,600 K 5332 Google Chrome Google Inc.
chrome.exe 1,480 K 5,720 K 5000 Google Chrome Google Inc.
audiodg.exe 7,676 K 10,412 K 1584 Windows Audio Device Graph Isolation Microsoft Corporation
Ath_CoexAgent.exe 1,528 K 5,224 K 3536 Atheros Coex Service Application Atheros
armsvc.exe 1,024 K 4,092 K 1480 Adobe Acrobat Update Service Adobe Systems Incorporated
AdminService.exe 1,404 K 4,788 K 1564 AdminService Application Qualcomm Atheros Commnucations
ActivateDesktop.exe 1,232 K 4,904 K 5448

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

You have two things slowing you down.  One is the Windows Search service.  It keeps trying to start and fails so it starts again.  I see in Win 8 there are two other services that depend on Search but they are set to Manual so won't be part of this toggling.

Just to see if it makes a difference you can go into services.msc and double click on Windows Search and change the Start Type to Manual then Apply.  Your reboot should go a lot faster.

The other thing that is causing the slowdown is SearchIndexer.exe.  You have not one but two of them running.

SearchIndexer.exe 19.00 11,872 K 13,744 K 6984 Microsoft Windows Search Indexer Microsoft Corporation
SearchIndexer.exe 5.39 11,116 K 12,636 K 3400 Microsoft Windows Search Indexer Microsoft Corporation

and together they take up almost 25% of the CPU.  You are losing another 10% to your anti-virus.  Probably because every time one of your searchindexer programs looks at a file the anti-virus has to look at it too.

I only have one running on mine and it is not using any CPU time.  When I stop the search service my one searchindexer goes away so let's verify that both of yours are gone by running a new process explorer log.

We can try replacing your registry entries with those from my Win 8.1.  They should be the same.

Download the attached wsearch.zip file and save it then right click on it and extract all.  Find wsearch.reg and right click on it and Merge.


  • 0
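The check made by eye in the post above (one image name running twice, and what the copies cost together) can be scripted against a saved Process Explorer listing. This is an added example, not part of the original thread; the function names, the watch-list of images expected to run once, and the trimmed sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two SearchIndexer.exe rows quoted in the post plus a
# few rows in the same flattened layout (columns separated by single spaces).
SAMPLE = """\
Process CPU Private Bytes Working Set PID Verified Signer Description Company Name
Interrupts 0.73 0 K 0 K n/a Hardware Interrupts and DPCs
SearchIndexer.exe 19.00 11,872 K 13,744 K 6984 Microsoft Windows Search Indexer Microsoft Corporation
SearchIndexer.exe 5.39 11,116 K 12,636 K 3400 Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 17,544 K 25,520 K 524 Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe < 0.01 2,964 K 9,660 K 1524 MobileDeviceService Apple Inc.
WWAHost.exe Suspended 119,660 K 82,664 K 5808 Microsoft WWA Host Microsoft Corporation
ActivateDesktop.exe 1,232 K 4,904 K 5448
"""

# name, optional CPU ("19.00", "< 0.01", "Suspended" or blank), two "N K"
# memory columns, PID (or "n/a"), then whatever description text follows.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+|Suspended)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)"
    r"(?:\s+(?P<rest>.*))?$"
)


def parse_rows(text):
    """Parse listing rows; the header and any non-matching line are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cpu = m.group("cpu")
        rows.append({
            "image": m.group("name"),
            # "< 0.01", "Suspended" and a blank CPU cell all count as 0.0
            "cpu": float(cpu) if cpu and cpu[0].isdigit() else 0.0,
            "private_kb": int(m.group("priv").replace(",", "")),
            "working_set_kb": int(m.group("ws").replace(",", "")),
            "pid": None if m.group("pid") == "n/a" else int(m.group("pid")),
            "description": (m.group("rest") or "").strip(),
        })
    return rows


def repeated_single_instance(rows, expected_single=("searchindexer.exe",)):
    """Report watched images that appear more than once, with combined CPU."""
    groups = defaultdict(list)
    for r in rows:
        if r["image"].lower() in expected_single:
            groups[r["image"]].append(r)
    return {
        image: {
            "count": len(g),
            "pids": [r["pid"] for r in g],
            "cpu_total": round(sum(r["cpu"] for r in g), 2),
        }
        for image, g in groups.items() if len(g) > 1
    }


def undescribed(rows):
    """Images whose row carries no description or company text at all."""
    return [r["image"] for r in rows if not r["description"]]


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE)
    print(repeated_single_instance(parsed))
    print(undescribed(parsed))
```

Images such as chrome.exe and svchost.exe normally run as several processes, which is why the duplicate check works from a watch-list rather than flagging every repeated name.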

#21
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

Okay, did this and when I got to the reboot part, it said please wait while updating computer, installing update 2 of 3.  So I went to bed and left it running...this morning it was still updating 2 of 3 so I powered it off.  Reboot was slow but windows search was working.  I rebooted again, and it is still taking forever to load, but search is working. So is it something else causing it to take so long to boot?


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Run VEW again and let's see what new errors we have.

Also run Process Explorer and let's see if we have two searchindexer.exe's


  • 0

#23
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/01/2016 8:34:34 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2016 1:13:33 PM
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 08/01/2016 1:13:33 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 07/01/2016 4:32:34 PM
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/01/2016 4:32:34 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2016 1:55:15 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 3 time(s).
 
Log: 'System' Date/Time: 08/01/2016 1:55:15 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
 
Log: 'System' Date/Time: 08/01/2016 1:55:13 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/01/2016 1:55:12 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
 
Log: 'System' Date/Time: 08/01/2016 1:54:40 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/01/2016 1:54:38 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The vcs service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 08/01/2016 1:54:38 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 1:52:37 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 08/01/2016 1:52:37 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
 
Log: 'System' Date/Time: 08/01/2016 1:51:36 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 1:19:01 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server windowsphone.App.wwa did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 1:18:27 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 3 time(s).
 
Log: 'System' Date/Time: 08/01/2016 1:18:27 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
 
Log: 'System' Date/Time: 08/01/2016 1:18:19 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/01/2016 1:18:19 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
 
Log: 'System' Date/Time: 08/01/2016 1:17:50 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/01/2016 1:17:46 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The vcs service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 08/01/2016 1:17:45 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 1:16:24 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/01/2016 1:14:24 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2016 1:52:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 08/01/2016 1:29:25 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name r5---sn-5uaezn6s.c.pack.google.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/01/2016 1:13:43 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 08/01/2016 9:31:37 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 08/01/2016 2:01:01 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 08/01/2016 12:48:08 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 07/01/2016 8:50:48 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name recs.richrelevance.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/01/2016 7:10:16 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 07/01/2016 4:32:43 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_0BB4&PID_0BAD&MI_00\6&540db0c&0&0000.
 
Log: 'System' Date/Time: 07/01/2016 3:45:07 PM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user MARTIN\Amy Martin to restart/shutdown computer MARTIN failed

  • 0
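A triage pass over the Service Control Manager entries in a VEW System log like the one above, grouping start failures and unexpected terminations by service and singling out any service Windows refused to load because it could not verify the file's signature. This is an added example, not part of the original thread; the function names are assumptions and the sample is a constructed excerpt in the same layout as the posted log.

```python
import re
from datetime import datetime

# Constructed excerpt in VEW's layout (dates are dd/mm/yyyy, as the report notes).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2016 1:55:15 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 3 time(s).

Log: 'System' Date/Time: 08/01/2016 1:55:15 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 08/01/2016 1:55:13 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The ATT MAHostService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/01/2016 1:54:38 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The vcs service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Log: 'System' Date/Time: 08/01/2016 1:52:37 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 08/01/2016 1:17:46 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The vcs service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
BANNER = re.compile(r"^(?:~+|'[^']+' Log - \w+ Type)$")
FAILED_START = re.compile(r"^The (?P<svc>.+?) service failed to start due to "
                          r"the following error:\s*(?P<why>.+)$")
CRASHED = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly\.\s+"
                     r"It has done this (?P<n>\d+) time\(s\)")
SIG_FAIL = "cannot verify the digital signature"


def parse_vew(text):
    """Split a VEW report into records; section banners end the current record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if BANNER.match(line):
            cur = None
            continue
        m = HEADER.match(line)
        if m:
            cur = {"log": m["log"], "type": None, "event": None, "source": None,
                   "time": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),
                   "message": ""}
            records.append(cur)
        elif cur is None or not line:
            continue
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m["type"]
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m["id"]), m["src"]
        else:  # message text, possibly spread over several lines
            cur["message"] = (cur["message"] + " " + line).strip()
    return records


def triage_services(records):
    """Per-service summary of SCM start failures and unexpected terminations."""
    out = {}
    for r in records:
        if r["source"] != "Service Control Manager":
            continue
        started, crashed = FAILED_START.match(r["message"]), CRASHED.match(r["message"])
        m = started or crashed
        if not m:  # e.g. 7023 "The event description cannot be found."
            continue
        s = out.setdefault(m["svc"], {"start_failures": 0, "max_crash_count": 0,
                                      "signature_failure": False, "reasons": [],
                                      "last_seen": r["time"]})
        s["last_seen"] = max(s["last_seen"], r["time"])
        if started:
            s["start_failures"] += 1
            if started["why"] not in s["reasons"]:
                s["reasons"].append(started["why"])
            s["signature_failure"] |= SIG_FAIL in started["why"]
        else:
            s["max_crash_count"] = max(s["max_crash_count"], int(crashed["n"]))
    return out


def signature_failures(summary):
    """Names of services whose image failed signature verification at start."""
    return sorted(n for n, s in summary.items() if s["signature_failure"])
```

A signature failure on its own does not say what the file is; it marks the service entry whose image path and file should be examined first.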

#24
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/01/2016 8:35:35 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2016 1:59:50 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: f80  Start Time: 01d14a1c221f33e9  Termination Time: 4294967295  Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe  Report Id: 14ceb11e-b610-11e5-bf7c-d250d63afe24  Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt  Faulting package-relative application ID: App 
 
Log: 'Application' Date/Time: 08/01/2016 1:56:03 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!windowsphone.App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 08/01/2016 1:55:40 PM
Type: Error Category: 2414
Event: 2486 Source: Microsoft-Windows-Immersive-Shell
App Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe+windowsphone.App did not launch within its allotted time.
 
Log: 'Application' Date/Time: 08/01/2016 1:39:09 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x545036ce Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d Exception code: 0xc000027b Fault offset: 0x0000000000063c1f Faulting process id: 0xb8 Faulting application start time: 0x01d14a19daba2ba7 Faulting application path: C:\WINDOWS\system32\wwahost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: 312d8fb9-b60d-11e5-bf7b-c72943972fd3 Faulting package full name: Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe Faulting package-relative application ID: windowsphone.App
 
Log: 'Application' Date/Time: 08/01/2016 1:26:10 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 119c  Start Time: 01d14a170bb8690a  Termination Time: 4294967295  Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe  Report Id: 5acba192-b60b-11e5-bf7b-c72943972fd3  Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt  Faulting package-relative application ID: App 
 
Log: 'Application' Date/Time: 08/01/2016 1:19:01 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!windowsphone.App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 08/01/2016 1:18:52 PM
Type: Error Category: 2414
Event: 2486 Source: Microsoft-Windows-Immersive-Shell
App Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe+windowsphone.App did not launch within its allotted time.
 
Log: 'Application' Date/Time: 08/01/2016 9:33:58 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 3238  Start Time: 01d149f79080978b  Termination Time: 4294967295  Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe  Report Id: f06cfa86-b5ea-11e5-bf7a-a8e85ff6dddf  Faulting package full name: LogosBibleSoftware.Vyrso_1.2.0.3_x86__h0wrhs0ttj2c8  Faulting package-relative application ID: App 
 
Log: 'Application' Date/Time: 08/01/2016 8:33:50 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x0000000000030dd0 Faulting process id: 0x2974 Faulting application start time: 0x01d149ef478d1e9e Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 8a7b9d17-b5e2-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:31:41 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022a3 Faulting process id: 0x281c Faulting application start time: 0x01d149eefc1a06a5 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 3d7dc470-b5e2-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:31:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x0000000000001f4a Faulting process id: 0x24f0 Faulting application start time: 0x01d149eef7d28af4 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 39b5e1d3-b5e2-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:29:27 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022de Faulting process id: 0x2378 Faulting application start time: 0x01d149eeaba83c28 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: edbc4fa9-b5e1-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:29:20 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022b7 Faulting process id: 0x1edc Faulting application start time: 0x01d149eea80aaec8 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: e9441763-b5e1-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:27:13 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x0000000000001fc7 Faulting process id: 0x215c Faulting application start time: 0x01d149ee5c8278ed Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 9e1e5bf7-b5e1-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:27:06 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x0000000000001fc7 Faulting process id: 0x25a0 Faulting application start time: 0x01d149ee57c9e10f Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 99f58de6-b5e1-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:24:59 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x0000000000001f4a Faulting process id: 0x2214 Faulting application start time: 0x01d149ee0c34e17e Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 4ddd5762-b5e1-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:24:52 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022de Faulting process id: 0x1c3c Faulting application start time: 0x01d149ee08302fa2 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: 49d0bcb5-b5e1-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:22:45 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe Exception code: 0xc00000fd Fault offset: 0x00000000000022a3 Faulting process id: 0x1fb4 Faulting application start time: 0x01d149edbc3a8655 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\system32\msvcrt.dll Report Id: fe40a13e-b5e0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:22:38 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x00000000000487c5 Faulting process id: 0x2414 Faulting application start time: 0x01d149edb7f9eed2 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f9a91448-b5e0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/01/2016 8:20:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.9600.17787, time stamp: 0x551b6346 Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb Exception code: 0xc00000fd Fault offset: 0x0000000000030dcb Faulting process id: 0x26d0 Faulting application start time: 0x01d149ed6c96c3f1 Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: ae0bcfba-b5e0-11e5-bf7a-a8e85ff6dddf Faulting package full name:  Faulting package-relative application ID: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2016 1:27:26 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-3873701136-3596577701-2754614134-1001}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
 
Log: 'Application' Date/Time: 08/01/2016 1:17:39 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the PostShell method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "SENS Logon2 Subscription". The HRESULT was 80010002.
 
Log: 'Application' Date/Time: 08/01/2016 9:33:30 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
LiveComm (12772) C:\Users\Amy Martin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e4181f4d799caa52\120712-0049\: A request to read from the file "C:\Users\Amy Martin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e4181f4d799caa52\120712-0049\DBStore\livecomm.edb" at offset 16384 (0x0000000000004000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (30 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 08/01/2016 1:09:40 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-3873701136-3596577701-2754614134-1001}/>.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
 
Log: 'Application' Date/Time: 08/01/2016 1:09:29 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 08/01/2016 12:51:39 AM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the PostShell method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "SENS Logon2 Subscription". The HRESULT was 80010002.

  • 0

#25
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Process CPU Private Bytes Working Set PID Verified Signer Description Company Name
System Idle Process 78.90 0 K 4 K 0
avp.exe 4.13 403,504 K 146,596 K 1648 Kaspersky Anti-Virus Kaspersky Lab ZAO
procexp64.exe 4.75 25,040 K 52,540 K 6792 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts 0.73 0 K 0 K n/a Hardware Interrupts and DPCs
pcServiceHost.exe 0.49 10,376 K 11,468 K 2004 mcci+McciServiceHost Alcatel-Lucent
avp.exe 0.38 52,032 K 9,844 K 5568 Kaspersky Anti-Virus Kaspersky Lab ZAO
dwm.exe 0.79 23,592 K 23,628 K 440 Desktop Window Manager Microsoft Corporation
csrss.exe 0.29 2,432 K 34,288 K 756 Client Server Runtime Process Microsoft Corporation
OUTLOOK.EXE 0.61 83,256 K 137,280 K 4600 Microsoft Outlook Microsoft Corporation
System 0.30 39,676 K 8,432 K 4
chrome.exe 0.12 287,936 K 364,676 K 5712 Google Chrome Google Inc.
VESMgrSub.exe 0.05 3,588 K 11,104 K 2116 VAIO Control Center Sony Corporation
SearchProtocolHost.exe 1.95 21,260 K 14,764 K 6248 Microsoft Windows Search Protocol Host Microsoft Corporation
rpdsvc.exe 0.08 37,468 K 41,880 K 1396 RealPlayer Cloud Service RealNetworks, Inc.
chrome.exe 0.10 59,172 K 76,960 K 5836 Google Chrome Google Inc.
SearchIndexer.exe 2.89 46,952 K 57,616 K 952 Microsoft Windows Search Indexer Microsoft Corporation
chrome.exe 0.09 63,148 K 104,120 K 4848 Google Chrome Google Inc.
chrome.exe 0.11 29,696 K 28,980 K 5212 Google Chrome Google Inc.
explorer.exe 0.68 57,628 K 94,364 K 2644 Windows Explorer Microsoft Corporation
LMS.exe 0.07 1,260 K 4,512 K 2832 Local Manageability Service Intel Corporation
svchost.exe 17,544 K 25,520 K 524 Host Process for Windows Services Microsoft Corporation
svchost.exe 0.02 10,832 K 19,856 K 668 Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe < 0.01 2,964 K 9,660 K 1524 MobileDeviceService Apple Inc.
svchost.exe 7,084 K 15,032 K 1184 Host Process for Windows Services Microsoft Corporation
services.exe 0.01 3,280 K 6,748 K 844 Services and Controller app Microsoft Corporation
svchost.exe 28,804 K 43,156 K 680 Host Process for Windows Services Microsoft Corporation
svchost.exe < 0.01 6,112 K 13,460 K 912 Host Process for Windows Services Microsoft Corporation
svchost.exe 0.01 4,864 K 9,580 K 956 Host Process for Windows Services Microsoft Corporation
SynTPEnh.exe < 0.01 5,640 K 1,156 K 2660 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated
VUAgent.exe 4,152 K 12,536 K 2748 VUAgent Sony Corporation
SkyDrive.exe 9,408 K 16,368 K 3348 OneDrive Sync Engine Microsoft Corporation
csrss.exe < 0.01 1,972 K 4,284 K 676 Client Server Runtime Process Microsoft Corporation
BtvStack.exe < 0.01 8,096 K 15,456 K 4204 Extension Core Qualcomm Atheros Commnucations
ZuneLauncher.exe 1,056 K 4,248 K 4292 Zune Auto-Launcher Microsoft Corporation
YahooAUService.exe 3,956 K 7,168 K 3796 AutoUpater Service Module Yahoo! Inc.
WWAHost.exe Suspended 119,660 K 82,664 K 5808 Microsoft WWA Host Microsoft Corporation
WUDFHost.exe 2,652 K 7,896 K 4492 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
WmiPrvSE.exe 1,812 K 5,812 K 6524 WMI Provider Host Microsoft Corporation
winlogon.exe 1,392 K 8,056 K 800 Windows Logon Application Microsoft Corporation
wininit.exe 828 K 3,860 K 748 Windows Start-Up Application Microsoft Corporation
vim.exe 3,164 K 1,224 K 6672 VAIO Control Center (vim Module) Sony Corporation
vim.exe 2,968 K 616 K 6364 VAIO Control Center (vim Module) Sony Corporation
VESMgrSub.exe 2,844 K 9,280 K 2104 VAIO Control Center Sony Corporation
VESMgr.exe 2,016 K 6,492 K 1884 VAIO Control Center (Service Module) Sony Corporation
VAIOUpdt.exe 2,668 K 3,052 K 3276 VAIO Update Sony Corporation
UNS.exe 3,192 K 10,792 K 1096 User Notification Service Intel Corporation
taskhostex.exe < 0.01 16,952 K 23,292 K 2652 Host Process for Windows Tasks Microsoft Corporation
SynTPHelper.exe 704 K 128 K 6628 Synaptics Pointing Device Helper Synaptics Incorporated
svchost.exe 17,500 K 23,952 K 1384 Host Process for Windows Services Microsoft Corporation
svchost.exe 0.11 4,564 K 10,880 K 1928 Host Process for Windows Services Microsoft Corporation
svchost.exe < 0.01 61,664 K 70,288 K 1052 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,220 K 12,844 K 1748 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,116 K 7,748 K 1680 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,388 K 4,792 K 4608 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 4,312 K 12,272 K 1344 Spooler SubSystem App Microsoft Corporation
smss.exe 308 K 1,092 K 408 Windows Session Manager Microsoft Corporation
SettingSyncHost.exe 8,256 K 6,112 K 888 Host Process for Setting Synchronization Microsoft Corporation
SearchFilterHost.exe 2.32 1,972 K 5,968 K 3592 Microsoft Windows Search Filter Host Microsoft Corporation
RuntimeBroker.exe 12,556 K 28,200 K 2580 Runtime Broker Microsoft Corporation
rndlresolversvc.exe 1,028 K 3,972 K 1128
RIMBBLaunchAgent.exe 3,720 K 6,604 K 2336 Launch Agent Service Research In Motion Limited
RealPlayerUpdateSvc.exe 4,072 K 7,784 K 1536
RAVBg64.exe 4,028 K 9,232 K 4392 HD Audio Background Process Realtek Semiconductor
ProtectedObjectsSrv.exe 1,128 K 4,904 K 1716 InfoWatch CryptoStorage Protected objects controller service Infowatch
procexp.exe 2,300 K 7,684 K 5904 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PresentationFontCache.exe 25,012 K 15,936 K 2464 PresentationFontCache.exe Microsoft Corporation
PMBVolumeWatcher.exe 4,160 K 11,864 K 2060 Media Check Tool Sony Corporation
PMBDeviceInfoProvider.exe 1,156 K 4,624 K 1080 Device Information Provider Sony Corporation
pcCMService.exe 1,360 K 6,068 K 1920 mcci+McciCMService Alcatel-Lucent
pcCMService.exe 1,324 K 5,916 K 1960 mcci+McciCMService Alcatel-Lucent
OSPPSVC.EXE 3,664 K 12,028 K 2816 Microsoft Office Software Protection Platform Service Microsoft Corporation
NetworkClient.exe 2,584 K 948 K 2756 VAIO Control Center (Network Setting Client) Sony Corporation
mDNSResponder.exe 1,416 K 4,872 K 1696 Bonjour Service Apple Inc.
lsass.exe 4,876 K 12,508 K 852 Local Security Authority Process Microsoft Corporation
livecomm.exe 14,836 K 22,204 K 1060 Communications Service Microsoft Corporation
jusched.exe 1,260 K 5,316 K 5164 Java Update Scheduler Oracle Corporation
Jhi_service.exe 1,052 K 4,508 K 1848 Intel® Dynamic Application Loader Host Interface Intel Corporation
ISBMgr.exe 1,940 K 8,148 K 2188 ISB Utility Sony Corporation
IntelMeFWService.exe 836 K 3,724 K 3820 Intel® ME Service Intel Corporation
igfxTray.exe 12,608 K 17,988 K 4360 igfxTray Module Intel Corporation
igfxHK.exe 4,992 K 10,024 K 4348 igfxHK Module Intel Corporation
igfxEM.exe 7,116 K 13,232 K 4312 igfxEM Module Intel Corporation
igfxCUIService.exe 1,484 K 6,196 K 460 igfxCUIService Module Intel Corporation
HeciServer.exe 1,208 K 5,172 K 1820 Intel® Capability Licensing Service Interface Intel® Corporation
GWX.exe 2,780 K 928 K 3932 GWX Microsoft Corporation
GoogleCrashHandler64.exe 1,288 K 232 K 2916 Google Crash Handler Google Inc.
GoogleCrashHandler.exe 1,364 K 264 K 2896 Google Crash Handler Google Inc.
FCUpdateService.exe < 0.01 944 K 5,024 K 1800 Foxit Cloud Safe Update Service Foxit Software Inc.
dllhost.exe 1,728 K 6,940 K 2292 COM Surrogate Microsoft Corporation
dllhost.exe 2,484 K 7,772 K 5616 COM Surrogate Microsoft Corporation
dasHost.exe 3,124 K 9,680 K 4712 Device Association Framework Provider Host Microsoft Corporation
chrome.exe < 0.01 38,640 K 38,112 K 5116 Google Chrome Google Inc.
chrome.exe 1,480 K 5,716 K 4656 Google Chrome Google Inc.
chrome.exe 24,852 K 22,556 K 5220 Google Chrome Google Inc.
audiodg.exe 7,660 K 10,480 K 6836 Windows Audio Device Graph Isolation Microsoft Corporation
Ath_CoexAgent.exe 1,460 K 5,148 K 1204 Atheros Coex Service Application Atheros
armsvc.exe 1,020 K 4,088 K 1484 Adobe Acrobat Update Service Adobe Systems Incorporated
AdminService.exe 1,424 K 4,808 K 1568 AdminService Application Qualcomm Atheros Commnucations
ActivateDesktop.exe 1,220 K 4,884 K 4752



#26
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I'm seeing at least 3 services that aren't working correctly. They are:

  • ATT MAHostService
  • MCSTRM service
  • vcs service

The first two are legit. The last one I don't recognize. I'm going to have them move us to the malware forum so I can see what is going on.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to disclaimer.
  • Click on the Addition.txt box.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



    #27
    Naathim

      GeekU Minion

    • Expert
    • 4,568 posts
    Topic moved to Virus & Malware Removal forum per Ron's request :)

    #28
    A1RotNBrat

      Member

    • Topic Starter
    • Member
    • 102 posts

    I downloaded them both and when I start to run them, I get this message. I thought the first time I might have downloaded the wrong one, but both of them give this error. Is it okay to run it anyway? (Attachment: Error.png)



    #29
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    You want the 64 bit version FRST64.exe.  Tell Windows to let you run it.  



    #30
    A1RotNBrat

      Member

    • Topic Starter
    • Member
    • 102 posts
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
    Ran by Amy Martin (administrator) on MARTIN (08-01-2016 12:44:45)
    Running from C:\Users\Amy Martin\Desktop
    Loaded Profiles: Amy Martin & Kyle Martin (Available Profiles: Amy Martin & Kyle Martin)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-09] (Realtek Semiconductor)
    HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2794496 2013-05-07] (Alcatel-Lucent)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-03-21] (Apple Inc.)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-26] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)
    HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
    HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
    HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [Amazon Music] => C:\Users\Amy Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
    ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
    ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-26]
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    GroupPolicyUsers\S-1-5-21-3873701136-3596577701-2754614134-1002\User: Restriction <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3873701136-3596577701-2754614134-1001\User: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{471B1E49-8781-454C-9B0C-7381E1842C4F}: [DhcpNameServer] 192.168.1.254
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.v9.com/web/?type=ds&ts=1412461879&from=cor&uid=WDCXWD5000BPVT-55HXZT4_WD-WXX1E82MHFC7MHFC7&i=psd&t=349e49429&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1412461879&from=cor&uid=WDCXWD5000BPVT-55HXZT4_WD-WXX1E82MHFC7MHFC7&i=psd&t=349e49429&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    URLSearchHook: [S-1-5-21-3873701136-3596577701-2754614134-1002] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM-x32 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm036^YY^us&si=EL_UTUS_20&ptb=2BD6E75E-25CD-4CC6-95B8-3B066E477445&ind=2013032721&n=77fc7111&psa=&st=sb&searchfor={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2015-04-29] (Kaspersky Lab ZAO)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2015-04-29] (Kaspersky Lab ZAO)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-12-10] (Yahoo! Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2015-04-29] (Kaspersky Lab ZAO)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2015-04-29] (Kaspersky Lab ZAO)
    Toolbar: HKLM-x32 - att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-12-10] (Yahoo! Inc.)
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1430102806425
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Amy Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rh0usd3d.default
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] ()
    FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-01-10] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-05-07] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-26] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-26] (RealPlayer Cloud)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-07-12] (Sony Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3873701136-3596577701-2754614134-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Amy Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-06-30] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-26] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-04-29]
    CHR Extension: (Motive Extension) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-12-05]
    CHR Extension: (Block site) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-28]
    CHR Extension: (Google Docs Offline) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
    CHR Extension: (Do Not Disturb!) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2015-05-18]
    CHR Extension: (Kaspersky Protection) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-04-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
    CHR Extension: (Gmail) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
    CHR Extension: (Anti-Banner) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-04-29]
    CHR HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kbemlhjodpfopddibpbppifmogphpmil] - C:\Users\Amy Martin\AppData\Local\CRE\kbemlhjodpfopddibpbppifmogphpmil.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-11-15]
    CHR HKLM-x32\...\Chrome\Extension: [kbemlhjodpfopddibpbppifmogphpmil] - C:\Users\Amy Martin\AppData\Local\CRE\kbemlhjodpfopddibpbppifmogphpmil.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
    S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
    R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
    R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
    R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342528 2013-05-07] (Alcatel-Lucent) [File not signed]
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-26] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-19] (Sony Corporation) [File not signed]
    S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
    R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [File not signed]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-12-02] (Qualcomm Atheros Communications, Inc.)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
    S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [428008 2012-12-28] (Qualcomm Atheros)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
    R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2015-04-29] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2015-04-30] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2015-04-30] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2015-04-30] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-04-29] (Kaspersky Lab ZAO)
    S2 MCSTRM; no ImagePath
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
    R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
    S3 utc5mtm0; C:\WINDOWS\SysWOW64\Drivers\utc5mtm0.sys [7168 2015-04-28] () [File not signed]
    S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2015-12-13] () [File not signed]
    R3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-01-08 12:44 - 2016-01-08 12:45 - 00032469 _____ C:\Users\Amy Martin\Desktop\FRST.txt
    2016-01-08 12:43 - 2016-01-08 12:44 - 00000000 ____D C:\FRST
    2016-01-08 10:37 - 2016-01-08 10:37 - 01721856 _____ (Farbar) C:\Users\Amy Martin\Desktop\FRST.exe
    2016-01-08 10:34 - 2016-01-08 10:34 - 02370560 _____ (Farbar) C:\Users\Amy Martin\Desktop\FRST64.exe
    2016-01-08 08:39 - 2016-01-08 08:39 - 00008399 _____ C:\Users\Amy Martin\Desktop\Hardware Interrupts and DPCs3.TXT
    2016-01-08 08:35 - 2016-01-08 08:35 - 00015113 _____ C:\VEW4.txt
    2016-01-08 08:34 - 2016-01-08 08:34 - 00008924 _____ C:\VEW3.txt
    2016-01-08 06:42 - 2016-01-08 06:42 - 00000000 ____D C:\Users\Amy Martin\Downloads\wsearch
    2016-01-08 06:40 - 2016-01-08 06:40 - 00000925 _____ C:\Users\Amy Martin\Downloads\wsearch.zip
    2016-01-07 20:55 - 2016-01-07 20:56 - 00008227 _____ C:\Users\Amy Martin\Desktop\Hardware Interrupts and DPCs1.TXT
    2016-01-07 20:53 - 2016-01-07 20:53 - 00003772 _____ C:\Users\Amy Martin\Desktop\Hardware Interrupts and DPCs.txt
    2016-01-07 20:42 - 2016-01-07 20:42 - 02660496 _____ (Sysinternals - www.sysinternals.com) C:\Users\Amy Martin\Desktop\procexp.exe
    2016-01-07 20:40 - 2016-01-07 20:40 - 00015003 _____ C:\Users\Amy Martin\Desktop\VEW2.txt
    2016-01-07 20:39 - 2016-01-07 20:39 - 00006731 _____ C:\Users\Amy Martin\Desktop\VEW1.txt
    2016-01-07 20:30 - 2016-01-07 20:30 - 00061440 _____ ( ) C:\Users\Amy Martin\Downloads\VEW (1).exe
    2016-01-07 20:27 - 2016-01-07 20:27 - 00000000 _____ C:\Users\Amy Martin\Documents\VEW1.txt
    2016-01-07 14:17 - 2016-01-07 14:19 - 00888944 _____ C:\Users\Amy Martin\Desktop\MARTIN.txt
    2016-01-07 14:13 - 2016-01-07 14:13 - 00000808 _____ C:\Users\Public\Desktop\Speccy.lnk
    2016-01-07 14:13 - 2016-01-07 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2016-01-07 14:13 - 2016-01-07 14:13 - 00000000 ____D C:\Program Files\Speccy
    2016-01-07 14:09 - 2016-01-07 14:09 - 00165788 _____ C:\Users\Amy Martin\Documents\MartinCompCert.pdf
    2016-01-07 12:41 - 2016-01-07 12:42 - 05111240 _____ (Piriform Ltd) C:\Users\Amy Martin\Desktop\spsetup129.exe
    2016-01-07 10:50 - 2016-01-08 08:35 - 00015113 _____ C:\VEW.txt
    2016-01-07 10:49 - 2016-01-07 10:49 - 00001471 _____ C:\Users\Amy Martin\Desktop\VEW - Shortcut.lnk
    2016-01-07 10:43 - 2016-01-07 10:43 - 00061440 _____ ( ) C:\Users\Amy Martin\Downloads\VEW.exe
    2016-01-07 07:33 - 2016-01-07 14:10 - 00386186 _____ C:\Users\Amy Martin\Documents\Presentation2.pptx
    2016-01-02 11:27 - 2016-01-05 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-27 12:30 - 2015-12-27 12:30 - 00092393 _____ C:\Users\Amy Martin\Documents\movieticket3.pdf
    2015-12-27 12:29 - 2015-12-27 12:29 - 00092396 _____ C:\Users\Amy Martin\Documents\movieticket2.pdf
    2015-12-27 12:27 - 2015-12-27 12:27 - 00092396 _____ C:\Users\Amy Martin\Documents\movieticket1.pdf
    2015-12-27 12:19 - 2015-12-27 12:20 - 00092396 _____ C:\Users\Amy Martin\Downloads\e2bac473d033443ba1acade4e2de7d1df89584dc.pdf
    2015-12-27 09:05 - 2015-12-27 09:05 - 00092396 _____ C:\Users\Amy Martin\Downloads\c1508ff6f6064790435b0b6bc5cd0d5f52edf1a2.pdf
    2015-12-27 08:57 - 2015-12-27 08:57 - 00092393 _____ C:\Users\Amy Martin\Downloads\6bcebaccd4004a9a6846a79d365ce0edb1272d31.pdf
    2015-12-15 12:14 - 2015-12-15 12:31 - 00000000 ____D C:\Users\Amy Martin\Documents\Wondershare PDF Converter
    2015-12-15 12:14 - 2015-12-15 12:14 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\Wondershare
    2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\Users\Amy Martin\AppData\Roaming\Wondershare
    2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\Program Files (x86)\Wondershare
    2015-12-15 12:11 - 2015-12-15 12:12 - 12537456 _____ (Wondershare Software ) C:\Users\Amy Martin\Downloads\pdf-converter_full755.exe
    2015-12-15 12:05 - 2015-12-15 12:05 - 00207422 _____ C:\Users\Amy Martin\Documents\002.pdf
    2015-12-15 07:49 - 2015-12-15 07:49 - 00152037 _____ C:\Users\Amy Martin\Documents\Settlement Agreement - MartinSigned (2)Martin.pdf
    2015-12-13 14:01 - 2015-12-13 14:01 - 00000000 ____D C:\Users\Amy Martin\Naturalsoft
    2015-12-13 13:42 - 2016-01-05 17:47 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
    2015-12-13 13:40 - 2015-12-13 13:57 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\Downloaded Installations
    2015-12-13 13:36 - 2015-12-13 13:39 - 32430256 _____ (Naturalsoft ) C:\Users\Amy Martin\Downloads\standardsetup.exe
    2015-12-13 13:35 - 2015-12-13 13:42 - 00000000 ____D C:\Program Files (x86)\ AV Vcs 7.0
    2015-12-13 13:35 - 2015-12-13 13:35 - 00000000 ____D C:\Users\Amy Martin\AppData\Roaming\Avnex
    2015-12-13 13:35 - 2008-12-26 12:56 - 00021504 _____ (Avnex) C:\WINDOWS\system32\Drivers\vcsvad.sys
    2015-12-13 13:28 - 2015-12-13 13:29 - 16953072 _____ C:\Users\Amy Martin\Downloads\vcs_aff.exe
    2015-12-09 12:38 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-09 12:37 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-09 12:37 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-12-09 12:37 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-12-09 12:37 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-12-09 12:37 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-12-09 12:37 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-12-09 12:37 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-12-09 12:37 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2015-12-09 12:37 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-12-09 12:37 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2015-12-09 12:37 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-12-09 12:37 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-12-09 12:37 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-12-09 12:37 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-12-09 12:37 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-12-09 12:37 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-12-09 12:37 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-12-09 12:37 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2015-12-09 12:37 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-12-09 12:37 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-12-09 12:37 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-12-09 12:37 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-09 12:37 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-09 12:37 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-12-09 12:37 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-12-09 12:37 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-12-09 12:37 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-12-09 12:37 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-12-09 12:37 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-12-09 12:37 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-12-09 12:37 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-12-09 12:37 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-12-09 12:37 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-12-09 12:37 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-09 12:37 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-12-09 12:37 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-12-09 12:37 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-12-09 12:37 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-12-09 12:37 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-12-09 12:34 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-12-09 12:34 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-09 12:34 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-12-09 12:34 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-12-09 12:34 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-12-09 12:34 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-12-09 12:34 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-12-09 12:34 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
    2015-12-09 12:34 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
    2015-12-09 12:34 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-09 12:34 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2015-12-09 12:34 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-09 12:34 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
    2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
    2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
    2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
    2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
    2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
    2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
    2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
    2015-12-09 12:34 - 2015-10-22 10:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2015-12-09 12:34 - 2015-10-22 10:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2015-12-09 12:34 - 2015-10-22 09:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2015-12-09 12:34 - 2015-10-22 09:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2015-12-09 12:34 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
    2015-12-09 12:34 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
    2015-12-09 12:34 - 2015-10-10 11:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2015-12-09 12:33 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-09 12:33 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-09 12:33 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-12-09 12:33 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-12-09 12:33 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-09 12:33 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-12-09 12:33 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2015-12-09 12:33 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2015-12-09 12:33 - 2015-10-03 13:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2015-12-09 12:33 - 2015-10-03 13:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2015-12-09 12:32 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-12-09 12:32 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-12-09 12:32 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-12-09 12:32 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-12-09 12:32 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-12-09 12:32 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-12-09 12:32 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-12-09 12:32 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-12-09 12:32 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-12-09 12:32 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-12-09 12:32 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-12-09 12:32 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-12-09 12:32 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-12-09 12:32 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-09 12:32 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-12-09 12:32 - 2015-10-11 00:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-12-09 12:32 - 2015-10-11 00:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-12-09 12:32 - 2015-10-11 00:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
    2015-12-09 12:32 - 2015-10-11 00:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
    2015-12-09 12:32 - 2015-10-11 00:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
    2015-12-09 12:32 - 2015-10-10 12:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
    2015-12-09 12:32 - 2015-10-10 12:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
    2015-12-09 12:32 - 2015-10-10 12:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
    2015-12-09 12:32 - 2015-10-08 10:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2015-12-09 12:32 - 2015-10-08 09:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2015-12-09 12:32 - 2015-10-05 12:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2015-12-09 12:32 - 2015-10-05 12:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-01-08 12:44 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
    2016-01-08 12:42 - 2013-03-14 07:50 - 00000000 ____D C:\Users\Amy Martin\Documents\Outlook Files
    2016-01-08 12:42 - 2013-01-10 08:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-01-08 12:28 - 2014-10-04 16:32 - 00000322 _____ C:\WINDOWS\Tasks\UpdaterEX.job
    2016-01-08 12:19 - 2013-07-09 08:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-08 11:47 - 2013-07-09 06:17 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-08 07:57 - 2014-02-04 12:06 - 00000000 ___DO C:\Users\Amy Martin\SkyDrive
    2016-01-08 07:53 - 2013-07-09 06:17 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-08 07:52 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-08 07:51 - 2014-02-04 11:38 - 00000000 ____D C:\Users\Amy Martin
    2016-01-08 07:51 - 2013-08-22 07:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-08 07:47 - 2014-02-04 11:38 - 00000000 ____D C:\Users\Kyle Martin
    2016-01-08 07:21 - 2014-02-10 20:05 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{93B328E4-267A-466D-B965-502F6F018D4E}
    2016-01-08 02:33 - 2013-03-13 17:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3873701136-3596577701-2754614134-1001
    2016-01-07 12:53 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-07 10:46 - 2013-03-13 17:32 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\VirtualStore
    2016-01-05 18:10 - 2015-10-14 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-05 18:10 - 2013-08-22 08:44 - 00501768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-02 04:13 - 2015-04-05 10:59 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
    2016-01-02 04:13 - 2015-04-05 10:59 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2016-01-01 15:19 - 2013-07-09 08:41 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-01-01 14:59 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-01-01 14:59 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-01 14:59 - 2013-05-13 16:07 - 00000000 ____D C:\ProgramData\Atheros
    2016-01-01 14:59 - 2013-03-22 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-01-01 14:55 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-01 14:41 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\registration
    2016-01-01 14:38 - 2013-11-16 06:42 - 00000000 ____D C:\ProgramData\Real
    2016-01-01 14:37 - 2013-03-14 07:09 - 00000000 __RHD C:\MSOCache
    2016-01-01 14:29 - 2013-03-15 06:11 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\ElevatedDiagnostics
    2015-12-27 06:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-12-26 02:48 - 2015-11-12 06:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-12-26 02:48 - 2015-11-12 06:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-16 17:50 - 2013-07-09 06:20 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-12 20:11 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-12 13:18 - 2013-03-22 14:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-12 13:18 - 2013-03-22 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-10 08:14 - 2013-08-07 12:22 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-10 07:54 - 2013-03-14 12:42 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-09 13:03 - 2013-03-14 07:09 - 00000000 ____D C:\ProgramData\Microsoft Help
     
    ==================== Files in the root of some directories =======
     
    2014-02-10 20:03 - 2014-06-21 10:32 - 0000004 _____ () C:\Users\Amy Martin\AppData\Roaming\96DA4A
    2014-02-10 20:03 - 2014-06-21 10:32 - 0870128 _____ () C:\Users\Amy Martin\AppData\Roaming\mcs.rma
    2013-03-19 05:31 - 2013-03-27 14:33 - 0000154 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.Desktop.Exception.log
    2013-03-19 05:30 - 2013-03-19 05:30 - 0001111 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-03-19 05:31 - 2013-03-27 14:33 - 0000154 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2014-10-07 06:28 - 2014-10-07 06:28 - 0000043 _____ () C:\Users\Amy Martin\AppData\Roaming\WB.CFG
    2013-05-25 19:56 - 2013-05-25 19:56 - 0007599 _____ () C:\Users\Amy Martin\AppData\Local\Resmon.ResmonCfg
    2015-04-12 06:32 - 2015-04-12 06:32 - 0000000 _____ () C:\Users\Amy Martin\AppData\Local\{9D6F7AC6-46F6-4C53-B19A-7F572BCC7F87}
    2013-12-01 08:40 - 2013-12-01 08:40 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-03-15 06:13 - 2013-04-01 17:02 - 0002082 _____ () C:\ProgramData\hpzinstall.log
     
    Some files in TEMP:
    ====================
    C:\Users\Amy Martin\AppData\Local\Temp\GLB1A2B.EXE
    C:\Users\Amy Martin\AppData\Local\Temp\GLF2340.tmp.dll
    C:\Users\Amy Martin\AppData\Local\Temp\GLF315C.EXE
    C:\Users\Amy Martin\AppData\Local\Temp\GLF73A1.EXE
    C:\Users\Amy Martin\AppData\Local\Temp\GLF76D.EXE
    C:\Users\Amy Martin\AppData\Local\Temp\GLFA497.EXE
    C:\Users\Amy Martin\AppData\Local\Temp\GLFBD0F.EXE
    C:\Users\Amy Martin\AppData\Local\Temp\GLFC501.EXE
    C:\Users\Amy Martin\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Amy Martin\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Amy Martin\AppData\Local\Temp\jre-8u66-windows-au.exe
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-01-08 08:50
     
    ==================== End of FRST.txt ============================
