My mom's friend was spending the night and he was attempting to "check his email" while she was asleep and he clicked on "something that looked like a gmail login" and now the computer has been compromised. When I got to the computer, there were several abandoned remote access login boxes on the screen as well as a fake Microsoft Security Essentials window up stating that the system was infected with 36 viruses and to call toll free 1-717-401-3166. Last time I checked, all toll free numbers began with an 800, 855, 866, 877 etc. but he called the number anyway and got scammed into trying to purchase a 1 year for $249.99 or a 3 year package for $449.99 to "fix" the computer. Since he allowed this person from India remote access into the computer, I have absolutely no idea what he installed onto this HDD. I had all of the safeguards in place to keep this from happening but obviously a human being sitting in front of the computer can override this. This is all I have to go on. Please help!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Susan (administrator) on SUSAN-PC (16-02-2016 19:07:41)
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan (Available Profiles: Susan)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
() C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
() C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(LG Electronics) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16901.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16901.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [547728 2011-12-09] (Acer Incorporated)
HKLM\...\Run: [Acer SmartBoot] => C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe [454800 2012-05-22] (Acer Incorporated)
HKLM\...\Run: [AgStdAlo] => C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe [109800 2013-10-25] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [Bomgar_Cleanup_ZD38793746819060] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x56c336a3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD38793746819060 /f
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\RunOnce: [Uninstall C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Smart Solution.lnk [2015-10-01]
ShortcutTarget: Dual Smart Solution.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe (LG Electronics)
Startup: C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610.lnk [2016-01-19]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{541450d4-8fb1-4cff-b280-6bcaecd31d2d}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> DefaultScope {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\x64\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-19] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-19] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\2bc0dslk.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Web Search
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3551703168-3638828205-1618650259-1000: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab)
FF Plugin HKU\S-1-5-21-3551703168-3638828205-1618650259-1000: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-12-29] ()
FF user.js: detected! => C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\2bc0dslk.default\user.js [2015-12-29]
FF Extension: iCloud Bookmarks - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\2bc0dslk.default\Extensions\[email protected] [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
FF HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky
FF Extension: Kaspersky Password Manager - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-12-29]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgSvc; C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe [142056 2013-10-25] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [509584 2012-05-22] (Acer Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-11-18] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 ConSvc; C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe [281832 2013-10-25] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-13] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-18] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-18] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-11-18] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-16 19:07 - 2016-02-16 19:08 - 00021266 _____ C:\Users\Susan\Desktop\FRST.txt
2016-02-16 19:03 - 2016-02-16 19:07 - 00000000 ____D C:\FRST
2016-02-16 19:00 - 2016-02-16 19:03 - 02370560 _____ (Farbar) C:\Users\Susan\Desktop\FRST64.exe
2016-02-16 08:55 - 2016-02-16 08:55 - 00001132 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2016-02-16 08:55 - 2016-02-16 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2016-02-16 08:55 - 2014-05-10 09:24 - 00000229 _____ C:\Users\Public\Desktop\LionSea Software.url
2016-02-16 08:54 - 2016-02-16 08:55 - 00000000 ____D C:\Program Files (x86)\SmartPCFixer
2016-02-16 08:54 - 2016-02-16 08:54 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Susan\Downloads\setup.exe
2016-02-16 08:48 - 2016-02-16 15:18 - 00000000 ____D C:\ProgramData\bomgar-scc-0x56c336a3
2016-02-16 08:48 - 2016-02-08 11:16 - 00023920 _____ C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2016-02-16 08:48 - 2016-02-08 11:16 - 00022896 _____ C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp
2016-02-15 21:59 - 2016-02-15 21:59 - 00000000 ___HD C:\OneDriveTemp
2016-02-12 18:16 - 2016-02-12 18:16 - 00047189 _____ C:\Users\Susan\Downloads\Invoice #149(2).pdf
2016-02-12 18:15 - 2016-02-12 18:15 - 00865384 _____ C:\Users\Susan\Downloads\AT&T Lease Email.pdf
2016-02-12 18:15 - 2016-02-12 18:15 - 00865384 _____ C:\Users\Susan\Downloads\AT&T Lease Email(1).pdf
2016-02-12 18:08 - 2016-02-12 18:08 - 00865384 _____ C:\Users\Susan\Documents\AT&T Lease Email.pdf
2016-02-09 15:16 - 2016-01-26 23:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 15:16 - 2016-01-26 23:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 15:16 - 2016-01-26 22:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 15:15 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 15:15 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 15:15 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 15:15 - 2016-01-27 00:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 15:15 - 2016-01-27 00:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 15:15 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 15:15 - 2016-01-27 00:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 15:15 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 15:15 - 2016-01-26 23:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 15:15 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 15:15 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 15:15 - 2016-01-26 23:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 15:15 - 2016-01-26 23:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 15:15 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 15:15 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 15:15 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 15:15 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 15:15 - 2016-01-26 23:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 15:15 - 2016-01-26 23:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 15:15 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 15:15 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 15:15 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 15:15 - 2016-01-26 23:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 15:15 - 2016-01-26 23:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 15:15 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 15:15 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 15:15 - 2016-01-26 23:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 15:15 - 2016-01-26 23:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 15:15 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 15:15 - 2016-01-26 23:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 15:15 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 15:15 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 15:15 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 15:15 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 15:15 - 2016-01-26 23:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 15:15 - 2016-01-26 23:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 15:15 - 2016-01-26 23:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 15:15 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 15:15 - 2016-01-26 23:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 15:15 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 15:15 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 15:15 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 15:15 - 2016-01-26 22:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 15:15 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 15:15 - 2016-01-26 22:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 15:15 - 2016-01-26 22:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 15:15 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 15:15 - 2016-01-26 22:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 15:15 - 2016-01-26 22:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 15:15 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 15:15 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 15:15 - 2016-01-26 22:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 15:15 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 15:15 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 15:15 - 2016-01-26 22:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 15:15 - 2016-01-26 22:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 15:15 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 15:15 - 2016-01-26 22:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 15:15 - 2016-01-26 22:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 15:15 - 2016-01-26 22:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 15:15 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 15:15 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-08 17:16 - 2016-02-08 17:16 - 00801057 _____ C:\Users\Susan\Downloads\NewRx.pdf
2016-02-07 12:37 - 2016-02-07 12:37 - 00047189 _____ C:\Users\Susan\Downloads\Invoice #149.pdf
2016-02-07 12:37 - 2016-02-07 12:37 - 00047189 _____ C:\Users\Susan\Downloads\Invoice #149(1).pdf
2016-02-05 14:01 - 2016-02-05 14:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\679C0F08.sys
2016-02-04 10:00 - 2016-02-04 10:00 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(8).pdf
2016-02-04 10:00 - 2016-02-04 10:00 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(7).pdf
2016-02-02 19:00 - 2016-02-02 19:00 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(6).pdf
2016-02-02 18:59 - 2016-02-02 18:59 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(5).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148.pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(4).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(3).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(2).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(1).pdf
2016-02-02 17:44 - 2016-02-02 17:44 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-01 13:59 - 2016-02-01 13:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\733F5472.sys
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(9).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(8).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(7).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(6).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(5).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(11).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(10).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder.pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(4).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(3).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(2).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(1).pdf
2016-01-28 11:44 - 2016-01-28 11:45 - 01340755 _____ C:\Users\Susan\Downloads\1745216.Other Lease Agreements. .zip
2016-01-27 13:36 - 2016-01-16 00:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-27 13:36 - 2016-01-16 00:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-27 13:36 - 2016-01-16 00:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-27 13:36 - 2016-01-16 00:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-27 13:36 - 2016-01-16 00:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-27 13:36 - 2016-01-16 00:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 13:36 - 2016-01-16 00:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 13:36 - 2016-01-16 00:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-27 13:36 - 2016-01-16 00:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-27 13:36 - 2016-01-16 00:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-27 13:36 - 2016-01-16 00:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-27 13:36 - 2016-01-16 00:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-27 13:36 - 2016-01-16 00:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-27 13:36 - 2016-01-16 00:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-27 13:36 - 2016-01-16 00:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-27 13:36 - 2016-01-16 00:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-27 13:36 - 2016-01-15 23:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-27 13:36 - 2016-01-15 23:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 13:36 - 2016-01-15 23:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-27 13:36 - 2016-01-15 23:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-27 13:36 - 2016-01-15 23:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-27 13:36 - 2016-01-15 23:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-27 13:36 - 2016-01-15 23:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-27 13:36 - 2016-01-15 23:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-27 13:36 - 2016-01-15 23:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-27 13:36 - 2016-01-15 23:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-27 13:36 - 2016-01-15 23:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-27 13:36 - 2016-01-15 23:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-27 13:36 - 2016-01-15 23:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-27 13:36 - 2016-01-15 23:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-27 13:36 - 2016-01-15 23:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 13:36 - 2016-01-15 23:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-27 13:36 - 2016-01-15 23:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-27 13:36 - 2016-01-15 23:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-27 13:36 - 2016-01-15 23:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-27 13:36 - 2016-01-15 23:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-27 13:36 - 2016-01-15 23:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-27 13:36 - 2016-01-15 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-27 13:36 - 2016-01-15 23:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-27 13:36 - 2016-01-15 23:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-27 13:36 - 2016-01-15 23:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 13:36 - 2016-01-15 23:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-27 13:36 - 2016-01-15 23:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-27 13:36 - 2016-01-15 23:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-27 13:36 - 2016-01-15 23:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-27 13:36 - 2016-01-15 23:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-27 13:36 - 2016-01-15 23:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-27 13:36 - 2016-01-15 23:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-27 13:36 - 2016-01-15 23:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-27 13:36 - 2016-01-15 23:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-27 13:36 - 2016-01-15 23:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-27 13:36 - 2016-01-15 23:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-27 13:36 - 2016-01-15 23:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-27 13:36 - 2016-01-15 23:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-27 13:36 - 2016-01-15 23:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-27 13:36 - 2016-01-15 23:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-27 13:36 - 2016-01-15 23:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-27 13:36 - 2016-01-15 23:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-27 13:36 - 2016-01-15 23:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-27 13:36 - 2016-01-15 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-27 13:36 - 2016-01-15 23:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-23 14:04 - 2016-01-23 14:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4898191E.sys
2016-01-20 11:04 - 2016-01-20 11:04 - 00095218 _____ C:\Users\Susan\Downloads\7912 Country meadow comps 1-18-16(1).pdf
2016-01-20 11:03 - 2016-01-20 11:03 - 00095218 _____ C:\Users\Susan\Downloads\7912 Country meadow comps 1-18-16.pdf
2016-01-20 10:36 - 2016-01-20 10:37 - 01625942 _____ C:\Users\Susan\Downloads\Report6125Jan20.pdf
2016-01-20 10:34 - 2016-01-20 10:34 - 00097542 _____ C:\Users\Susan\Downloads\CMA 1 Line7286
2016-01-20 10:34 - 2016-01-20 10:34 - 00097542 _____ C:\Users\Susan\Downloads\CMA 1 Line4728
2016-01-20 10:34 - 2016-01-20 10:34 - 00097542 _____ C:\Users\Susan\Downloads\CMA 1 Line3748
2016-01-19 20:19 - 2016-01-19 20:19 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Sun
2016-01-19 20:19 - 2016-01-19 20:19 - 00000000 ____D C:\Users\Susan\.oracle_jre_usage
2016-01-19 20:18 - 2016-01-19 20:18 - 00000000 ____D C:\Users\Susan\AppData\LocalLow\Oracle
2016-01-19 20:16 - 2016-01-19 20:16 - 00001774 _____ C:\Users\Susan\Desktop\Adobe Reader X.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-16 18:37 - 2013-12-06 06:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-16 18:23 - 2015-11-18 20:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-16 18:09 - 2015-05-21 13:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 15:53 - 2015-12-29 15:03 - 00000000 ___RD C:\Backup
2016-02-15 21:59 - 2015-12-29 15:50 - 00000000 ___RD C:\Users\Susan\iCloudDrive
2016-02-15 21:59 - 2015-08-10 11:09 - 00000000 __SHD C:\Users\Susan\IntelGraphicsProfiles
2016-02-15 21:59 - 2015-06-29 11:30 - 00000000 ___RD C:\Users\Susan\OneDrive
2016-02-15 21:58 - 2015-11-14 04:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-15 18:52 - 2015-11-14 04:45 - 00000000 ____D C:\Users\Susan
2016-02-15 14:51 - 2015-09-14 19:28 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7812CDFD-0A97-496B-8C93-B6EDBB4F07CB}
2016-02-14 09:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-13 13:25 - 2015-04-13 17:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-13 13:23 - 2015-04-13 17:40 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-12 18:09 - 2015-12-29 15:50 - 00000000 ____D C:\Users\Susan\AppData\Local\AA86540E-1C80-41E8-912F-FCD8B8B6F857.aplzod
2016-02-12 18:05 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-12 18:05 - 2015-08-10 11:09 - 00000000 ____D C:\Users\Susan\AppData\Local\Packages
2016-02-12 12:21 - 2015-12-29 15:49 - 00003490 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-02-12 11:44 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-12 11:10 - 2015-08-10 11:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-12 03:37 - 2015-11-14 04:44 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-12 03:37 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-12 03:33 - 2015-11-14 04:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-12 03:32 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-12 03:32 - 2015-04-13 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-12 03:31 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 19:18 - 2015-08-27 14:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 13:19 - 2015-08-10 11:13 - 00002409 _____ C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-10 18:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-10 11:17 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-03 13:01 - 2015-10-30 01:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 13:01 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-31 13:25 - 2015-11-14 04:41 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-01-29 13:37 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-29 13:35 - 2014-05-08 19:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-19 20:30 - 2016-01-15 17:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-19 20:30 - 2015-11-14 04:38 - 00370136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-19 20:20 - 2015-04-13 19:23 - 00000000 ____D C:\ProgramData\Oracle
2016-01-19 20:19 - 2015-04-13 19:24 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-19 20:19 - 2015-04-13 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-19 20:19 - 2015-04-13 19:23 - 00000000 ____D C:\Program Files (x86)\Java
==================== Files in the root of some directories =======
2015-05-21 11:45 - 2015-05-21 11:45 - 0007605 _____ () C:\Users\Susan\AppData\Local\Resmon.ResmonCfg
2015-04-13 19:02 - 2015-04-13 19:02 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-14 04:41 - 2015-11-14 04:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-16 08:48 - 2016-02-08 11:16 - 0023920 _____ () C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2016-02-16 08:48 - 2016-02-08 11:16 - 0022896 _____ () C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-11 13:23
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Susan (2016-02-16 19:08:30)
Running from C:\Users\Susan\Desktop
Windows 10 Home (X64) (2015-11-14 11:00:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3551703168-3638828205-1618650259-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3551703168-3638828205-1618650259-503 - Limited - Disabled)
Guest (S-1-5-21-3551703168-3638828205-1618650259-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3551703168-3638828205-1618650259-1002 - Limited - Enabled)
Susan (S-1-5-21-3551703168-3638828205-1618650259-1000 - Administrator - Enabled) => C:\Users\Susan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5500 - Acer Incorporated)
Acer Framework (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5500 - Acer Incorporated)
Acer Office Manager Agent (HKLM\...\{3F3EDE05-BE5A-4492-AE55-E823880A207B}) (Version: 1.00.8103 - Acer Incorporated)
Acer Office Manager Console (HKLM\...\{89054479-B94C-41F2-9749-22DB9F9209D0}) (Version: 1.00.8102 - Acer Incorporated)
Acer PowerSaver (HKLM-x32\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3504 - Acer Incorporated)
Acer SmartBoot (HKLM-x32\...\{9E65215B-9DE9-401A-8541-C82FE2D2BC66}) (Version: 1.00.8001 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dual Smart Solution (HKLM-x32\...\{E61F7C73-277C-44CE-87C4-B574BF0F3803}) (Version: 2.5 - LG Soft India Pvt Ltd)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.3.287 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30166 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SmartPCFixer 5.2 (HKLM-x32\...\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1) (Version: 5.2 - LionSea Software co., ltd) <==== ATTENTION
UV Realtime (HKLM-x32\...\{5A4B3F22-A5DF-43D7-89A7-6121F5431F32}) (Version: 1.9.1 - Dan Wilson)
Veriton ControlCenter (HKLM-x32\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3500 - Acer Incorporated)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {000147C5-DA03-4833-8C58-FEAC58D83486} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {007DB50D-263A-4E45-B37F-037BCF060993} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {0DD5ED54-D46B-4043-8F98-D9E716CAB544} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1027813B-0AD5-4C4C-AFFF-304157D44284} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {14107FE0-DF48-4865-878A-12592D3800F9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {25ABCA8E-66EA-4837-8BB1-22DA329578DD} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {2CFD2FC6-DBB2-4FFC-AE4B-2F498071846C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation)
Task: {30202AAF-F616-4645-B103-9E520A7E6D3E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {308AA495-2F8A-470A-85D5-2919419CB44B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {32AA001E-7747-4524-9A0A-AFC2CBA2AB23} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34B0EAD9-FE5C-4652-9346-3798380FEA38} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {3571F80D-326F-419D-861F-D9057D1D725A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {383950DB-BA33-4353-8F59-E00B5679AD8F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {530F7E45-A958-4E0F-9FE0-EA3EC11F2FD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-13] (Microsoft Corporation)
Task: {5CDA4EA8-6138-45B8-AFA3-7EC4301AA363} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {5D2840DB-8CAA-43EE-88AD-39742C7B0081} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {61EF5426-8D79-4A1D-9D11-9A9432781017} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {67CAA856-4D2A-40D3-82AB-673B7073A880} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {68B3FABE-3164-40FA-B91E-D108EAB3BEB2} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {74F656E8-F925-4B94-A809-55DF2AAE1576} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {8A251B4B-652C-4D1E-A160-3B17760DA6BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8BFBEF72-C362-45A9-A332-EA0970D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {94E4D1B8-1104-4880-A21D-889D94310B31} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96F5D623-98BA-4EB7-B24F-E3AED5A70B2E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {98B0B4CC-5A1B-4A1B-82A7-8CB75CCE9169} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9BF46398-32DD-4E7E-BD48-3C42C6CF2F68} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A386F321-D44F-473B-BBA8-936396920D71} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A8CD3FAE-4EFA-4AE1-B669-53459614312F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC422E33-04A2-4665-B199-0C137221337E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B71D3A54-B18C-4560-9C42-F4065CFC9D70} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1BC3C32-8A2E-49DC-A93D-6EB79E97CECE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C2591CCC-D971-4272-B5D6-1CCDACA5E845} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CCA2D5F0-3E5B-4466-B10C-B4D7840268E1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D53881F7-0D30-4705-8384-A3F621B567FF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DCEB5B10-34A7-49BA-A27F-2C262A8607CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {E7898195-08EE-41B3-A0C3-2BEA8711C537} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {EBBDEBFC-3A6D-4690-8470-DBC4AC31AA38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {EDA9F9F1-95F3-402B-8ABB-3CE1F06CF683} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EE95E42E-FB9A-4DB2-B90C-8789C8564766} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EF5E1074-EC5A-4C46-8EC4-F5961A702410} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {F2172150-4FDE-413A-9957-566BBFB24DD8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F2DAA845-48E5-4579-AA88-CCC96D6B8C74} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {F6D4A90D-5484-4B15-A12A-74A891236619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F792A3AD-21E9-4F39-92AE-0BEB786924E3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F9DAFFFB-9CEE-495B-BF8E-AC06ECE2BC97} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FA63F0A9-4BFA-4CF3-9401-59FEAF5E002D} - System32\Tasks\HP AR Program Upload - d432f310de654d39a1c21d7f21d93dd605c40597a78b43ffa4369f811e27cac8 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {FC293357-BA5E-4348-8812-175CF6803929} - System32\Tasks\{84AF3C37-D543-41D9-A4AD-ADB914921203} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-04 03:43 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-06 06:05 - 2011-06-13 19:59 - 00030080 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2015-11-14 04:46 - 2015-11-14 04:46 - 00038312 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5500.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00026040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5500.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00066960 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Library\3.0.5500.0__3036420f80dd6947\Framework.Library.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00034192 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Host\3.0.5500.0__672b450de5a7e94a\Framework.Host.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00021920 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5500.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2015-04-13 15:28 - 2011-06-14 11:35 - 00021920 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00142056 _____ () C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
2013-10-25 14:12 - 2013-10-25 14:12 - 00027368 _____ () C:\Program Files\Acer\Acer Office Manager Agent\MaDis.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00015080 _____ () C:\Program Files\Acer\Acer Office Manager Agent\LogMgr.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00137448 _____ () C:\Program Files\Acer\Acer Office Manager Agent\CommLib.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00067816 _____ () C:\Program Files\Acer\Acer Office Manager Agent\CAComm.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00014568 _____ () C:\Program Files\Acer\Acer Office Manager Agent\AgRemotObj.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00123112 _____ () C:\Program Files\Acer\Acer Office Manager Agent\dBAccess.dll
2012-02-22 11:01 - 2012-02-22 11:01 - 01109096 _____ () C:\Program Files\Acer\Acer Office Manager Agent\System.Data.SQLite.dll
2013-10-25 14:13 - 2013-10-25 14:13 - 00074472 _____ () C:\Program Files\Acer\Acer Office Manager Agent\XMLParser.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00281832 _____ () C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
2013-10-25 16:51 - 2013-10-25 16:51 - 00137448 _____ () C:\Program Files\Acer\Acer Office Manager Console\CommLib.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00015080 _____ () C:\Program Files\Acer\Acer Office Manager Console\LogMgr.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00074472 _____ () C:\Program Files\Acer\Acer Office Manager Console\XMLParser.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00123112 _____ () C:\Program Files\Acer\Acer Office Manager Console\dBAccess.dll
2012-02-22 11:01 - 2012-02-22 11:01 - 01102336 _____ () C:\Program Files\Acer\Acer Office Manager Console\System.Data.SQLite.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00027368 _____ () C:\Program Files\Acer\Acer Office Manager Console\MaDis.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00015080 _____ () C:\Program Files\Acer\Acer Office Manager Console\ConRemotObj.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00067816 _____ () C:\Program Files\Acer\Acer Office Manager Console\CAComm.dll
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 11:40 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 11:40 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-29 13:33 - 2016-01-17 17:07 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-18 13:26 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 13:26 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 13:48 - 2016-01-04 19:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 13:48 - 2016-01-04 19:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 13:36 - 2016-01-15 23:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 13:36 - 2016-01-15 23:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00109800 _____ () C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe
2013-10-25 14:13 - 2013-10-25 14:13 - 00021736 _____ () C:\Program Files\Acer\Acer Office Manager Agent\ProMgr.dll
2016-02-16 08:48 - 2016-02-08 11:16 - 00023920 _____ () C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2015-10-01 16:25 - 2012-10-23 14:25 - 00064512 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\MouseHook.dll
2015-10-01 16:25 - 2012-10-17 17:52 - 00004608 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\EngRes.dll
2015-10-01 16:25 - 2012-12-14 19:10 - 00036864 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
2016-01-21 13:27 - 2016-01-21 13:27 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 01:18 - 2015-10-30 01:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2014-05-08 19:30 - 2013-05-16 17:06 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-16 08:48 - 2016-02-08 11:16 - 00022896 _____ () C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp
2015-03-20 17:12 - 2015-03-20 17:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 16:25 - 2012-10-17 17:52 - 00061952 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Proxy32dll.dll
2016-01-21 13:27 - 2016-01-21 13:27 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 13:27 - 2016-01-21 13:28 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B82C4DD6-87C4-4D76-9440-37358DF6A0BD}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS1227\HPDiagnosticCoreUI.exe
FirewallRules: [{22335203-718C-42D0-8FA4-D9504547F9E1}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS1227\HPDiagnosticCoreUI.exe
FirewallRules: [{8E6325CF-E64F-4572-9211-1C3C643FA1FA}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS04B0\HPDiagnosticCoreUI.exe
FirewallRules: [{81B26784-FD64-4AEB-9E53-A0EE3269D965}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS04B0\HPDiagnosticCoreUI.exe
FirewallRules: [{8D521E7F-77C9-4335-BD2A-AC55081BEB06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C733EDDC-1FE4-4F13-8CDE-9226A1B3EFC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7969EEF4-6A5F-4477-A280-3D18D574DEE7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{108903BF-9B1D-46B4-ACCC-A88D609E19BF}] => (Allow) LPort=5357
FirewallRules: [{09A04195-5DAF-4841-911D-59A4EB2D938E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{AB5DD5F0-F1F3-48C6-9F90-1412776D412C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{CA6E8982-E5B8-4FF8-B6E8-9602FDB9C1A2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{03517077-41E6-4B93-AACB-FBC93980B93A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{C1C482CB-83FD-45EF-992A-546FD4AF679A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{981D95DA-B0CF-45E1-B3FA-1C1386886FFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0D1A454A-078C-4820-B6D2-84B97C091D8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3A8BC5A-9CE1-4346-A2B6-47B4876D398C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D23846C-4B82-4B98-81C8-464B41762418}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ECDD9C48-095A-4B60-A016-FF4F0CDD6AD4}] => (Allow) C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
FirewallRules: [{D51A68D5-CC64-4786-9111-34BB21DA9B1B}] => (Allow) C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
FirewallRules: [{90A2396A-3325-44F0-827B-F6C72ACB4CEA}] => (Allow) C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
FirewallRules: [{7E3E7A8D-DEF0-4A5B-B1EE-CEB61B34B63E}] => (Allow) C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
FirewallRules: [{91FB0435-699E-4972-B5AC-E4C497C6B3F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B441AF70-2B48-4E54-9108-BA2DEFB96FEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD42B135-52A0-4FCA-AC50-7DA8A9D20406}] => (Allow) C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{467FB7C5-C80E-493D-8D97-5961487DD542}] => (Allow) LPort=1025
FirewallRules: [{A81913C4-EB28-4025-8934-3ADDDD9CF57D}] => (Allow) C:\Users\Susan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{E0652189-7D4F-4E79-AF7F-78AE58B4B6F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D2B5ABF2-4531-45C4-9FAE-BD38B07B70EC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
==================== Restore Points =========================
31-01-2016 13:23:14 Windows Update
10-02-2016 11:15:39 Windows Update
13-02-2016 13:23:08 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/16/2016 03:53:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.
Operation:
Instantiating VSS server
Error: (02/16/2016 03:53:29 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].
Operation:
Instantiating VSS server
Error: (02/16/2016 08:26:10 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (02/16/2016 08:16:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SUSAN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/16/2016 06:16:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SUSAN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/16/2016 04:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344
Error: (02/16/2016 04:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2344
Error: (02/16/2016 04:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/16/2016 04:16:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
Error: (02/16/2016 04:16:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
System errors:
=============
Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_feeb262 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_feeb262 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_feeb262 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_feeb262 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1a5f96f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1a5f96f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1a5f96f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1a5f96f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/12/2016 11:38:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - February 2016 (KB890830).
Error: (02/12/2016 11:12:30 AM) (Source: DCOM) (EventID: 10016) (User: SUSAN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Susan-PCSusanS-1-5-21-3551703168-3638828205-1618650259-1000LocalHost (Using LRPC)Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
CodeIntegrity:
===================================
Date: 2016-02-12 18:10:42.989
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-12 18:10:15.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-12 03:34:14.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-10 15:43:23.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-29 13:36:27.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-28 03:36:40.674
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-15 17:25:44.691
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-15 16:58:06.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-14 03:41:14.157
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-09 13:29:20.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 72%
Total physical RAM: 3967.73 MB
Available physical RAM: 1097.61 MB
Total Virtual: 7935.73 MB
Available Virtual: 3781.48 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:459.08 GB) (Free:385.05 GB) NTFS
Drive d: (DATA) (Fixed) (Total:459.08 GB) (Free:458.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BC71EC6D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================