Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop runs slow

Started by John Aukerman , May 11 2016 08:21 AM

  • This topic is locked This topic is locked

#31
zep516
Posted 22 May 2016 - 01:09 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
I'd like to see one more frst log, FRST,txt and additions.txt

Finally I think we have things working here, I have also had problem with my computer. I keep an old windows 7 desktop running.

Delete any frst logs that are currently on the desktop.

Then

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

Advertisements

#32
John Aukerman
Posted 23 May 2016 - 07:44 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Acer Owner (administrator) on ASPIRE-5517 (23-05-2016 09:10:07)
Running from C:\Users\Acer Owner\Desktop
Loaded Profiles: Acer Owner (Available Profiles: Acer Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531272 2007-09-12] (Corel, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PdxRegCl] => c:\Program Files (x86)\Corel\Paradox\Programs\PdxRegCl.exe [54632 2010-03-10] (Corel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [Adobe Photo Downloader] => "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\cryptopreventsetup.exe <====== ATTENTION
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\...\Run: [Global Registration] => "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-11] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
Startup: C:\Users\Acer Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2015-05-20]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2539EDCB-3B65-45A6-A8D1-FFB335216F52}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D3D2E87F-7419-4B3D-9F3E-DA6AB638F12A}: [DhcpNameServer] 192.168.200.2

Internet Explorer:
==================
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360315f735l03e4z155t48j2x228
HKU\S-1-5-21-256707101-2596442264-1035872815-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360315f735l03e4z155t48j2x228
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Acer Owner\AppData\Roaming\Mozilla\Firefox\Profiles\n3oox4og.default-1452173319833
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.facebook.com/?ref=logo
hxxps://mail.google.com/mail/u/0/#inbox
hxxps://calendar.google.com/calendar/render?tab=mc#main_7
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-02]
CHR Extension: (Google Drive) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02]
CHR Extension: (YouTube) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02]
CHR Extension: (Google Search) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Users\Acer Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02]
CHR HKU\S-1-5-21-256707101-2596442264-1035872815-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-11] (AVAST Software)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-11] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-22] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-23 09:10 - 2016-05-23 09:10 - 00047519 _____ C:\Users\Acer Owner\Desktop\FRST.txt
2016-05-23 09:09 - 2016-05-23 09:09 - 00000000 ____D C:\Users\Acer Owner\Desktop\FRST-OlderVersion
2016-05-23 09:00 - 2016-05-23 09:00 - 00000000 ___RD C:\Users\Acer Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2016-05-15 22:41 - 2016-05-15 22:42 - 00000000 ___SD C:\ComboFix
2016-05-15 17:34 - 2016-05-15 22:41 - 00000000 ____D C:\Qoobox
2016-05-15 17:31 - 2016-05-15 17:31 - 00000000 ____D C:\Windows\erdnt
2016-05-15 17:27 - 2016-05-15 17:27 - 05658358 ____R (Swearware) C:\Users\Acer Owner\Desktop\ComboFix.exe
2016-05-15 17:26 - 2016-05-15 17:26 - 00000000 ____D C:\0c8b2379cf4b9ac95189f50605
2016-05-15 13:03 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-15 13:03 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-15 13:02 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-15 13:01 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-15 13:01 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-15 13:01 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-15 13:01 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-15 13:01 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-15 13:00 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-15 13:00 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-15 12:59 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-15 12:57 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-15 12:57 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-15 12:57 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-15 12:57 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-15 12:57 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-15 12:57 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-15 12:57 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-15 12:57 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-15 12:57 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-15 12:57 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-15 12:57 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-15 12:57 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-15 12:57 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-15 12:57 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-15 12:57 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-15 12:57 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-15 12:57 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-15 12:57 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-15 12:57 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-15 12:57 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-15 12:57 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-15 12:57 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-15 12:57 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-15 12:57 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-15 12:57 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-15 12:57 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-15 12:57 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-15 12:57 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-15 12:57 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-15 12:57 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-15 12:57 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-15 12:57 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-15 12:57 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-15 12:57 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-15 12:57 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-15 12:57 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-15 12:57 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-15 12:57 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-15 12:57 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-15 12:57 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-15 12:57 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-15 12:57 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-15 12:57 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-15 12:57 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-15 12:57 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-15 12:57 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-15 12:57 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-15 12:57 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-15 12:57 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-15 12:57 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-15 12:57 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-15 12:57 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-15 12:57 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-15 12:57 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-15 12:57 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-15 12:57 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-15 12:57 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-15 12:57 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-15 12:57 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-15 12:57 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-15 12:57 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-15 12:57 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-15 12:57 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-15 12:57 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-15 12:57 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-15 12:57 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-15 12:54 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-15 12:54 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-15 12:54 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-15 12:54 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-15 12:54 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-15 12:54 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-15 12:54 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-15 12:54 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-15 12:54 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-15 12:54 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-15 12:53 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-15 12:53 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-15 12:53 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-15 12:53 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-15 12:53 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-15 12:53 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-15 12:53 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-15 12:53 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-15 12:53 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-15 12:53 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-15 12:53 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-15 12:53 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-15 12:53 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-15 12:53 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-15 12:53 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-15 12:53 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-15 12:53 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-15 12:53 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-15 12:53 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-15 12:53 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-15 12:53 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-15 12:53 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-15 12:53 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-15 12:53 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-13 07:55 - 2016-05-13 07:58 - 01610816 _____ (Malwarebytes) C:\Users\Acer Owner\Desktop\JRT.exe
2016-05-12 21:10 - 2016-05-13 07:09 - 00000000 ____D C:\AdwCleaner
2016-05-12 21:08 - 2016-05-12 21:09 - 03640384 _____ C:\Users\Acer Owner\Desktop\adwcleaner_5.116.exe
2016-05-11 20:43 - 2016-05-23 09:10 - 00000000 ____D C:\FRST
2016-05-11 20:40 - 2016-05-23 09:09 - 02383360 _____ (Farbar) C:\Users\Acer Owner\Desktop\FRST64.exe
2016-05-11 10:23 - 2016-05-11 16:01 - 00000000 ____D C:\Program Files\Intel
2016-05-11 10:12 - 2016-05-11 10:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-11 10:11 - 2016-05-11 10:10 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-11 10:08 - 2016-05-11 10:08 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-23 06:32 - 2016-04-23 06:32 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2016-04-23 06:32 - 2016-04-23 06:32 - 00001176 _____ C:\Users\Acer Owner\CryptoPrevent.lnk
2016-04-23 06:32 - 2016-04-23 06:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2016-04-23 06:32 - 2016-04-23 06:32 - 00000000 ____D C:\ProgramData\Foolish IT
2016-04-23 06:32 - 2016-04-23 06:32 - 00000000 ____D C:\Program Files (x86)\Foolish IT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-23 09:10 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-23 09:10 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-23 09:03 - 2016-04-22 18:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-23 09:00 - 2016-01-08 12:30 - 00000354 _____ C:\Windows\Tasks\Acer Registration Data Sending.job
2016-05-23 09:00 - 2016-01-07 09:52 - 00000000 ___RD C:\Users\Acer Owner\Google Drive
2016-05-23 09:00 - 2015-10-05 13:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-23 08:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-22 11:30 - 2016-01-08 12:30 - 00003368 _____ C:\Windows\System32\Tasks\Acer Registration Data Sending
2016-05-22 10:57 - 2016-01-07 10:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-22 10:51 - 2015-10-05 13:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-22 08:33 - 2015-10-05 13:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-22 08:29 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-22 08:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-16 07:20 - 2015-10-05 13:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-16 05:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-16 03:55 - 2009-07-14 00:45 - 00487544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-16 03:53 - 2016-04-22 16:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-16 03:53 - 2016-04-22 16:53 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-16 03:53 - 2015-03-25 19:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-16 03:53 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-16 03:19 - 2015-03-25 18:38 - 00000000 ____D C:\Windows\system32\MRT
2016-05-16 03:01 - 2015-03-25 18:38 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-15 17:28 - 2015-10-21 14:37 - 00000000 ____D C:\Users\Acer Owner\AppData\Local\CrashDumps
2016-05-15 15:21 - 2015-10-05 13:28 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 18:37 - 2016-01-07 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-13 20:09 - 2016-01-07 10:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 20:07 - 2016-01-07 10:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 20:07 - 2016-01-07 10:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 20:48 - 2015-03-25 14:56 - 00000000 ____D C:\Users\Acer Owner
2016-05-11 15:58 - 2015-03-25 18:48 - 00000000 ____D C:\Users\Acer Owner\AppData\Roaming\Skype
2016-05-11 12:03 - 2016-04-21 15:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-11 12:00 - 2015-03-25 18:47 - 00000000 ____D C:\ProgramData\Skype
2016-05-11 11:55 - 2015-05-20 12:55 - 00001163 _____ C:\Users\Acer Owner\Desktop\Mozilla Firefox.lnk
2016-05-11 11:54 - 2016-04-12 06:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-11 10:34 - 2016-04-22 18:38 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1461364672
2016-05-11 10:10 - 2016-04-22 18:33 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-11 10:10 - 2016-04-22 18:33 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-11 10:10 - 2016-04-22 18:33 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-05-11 10:10 - 2016-04-22 18:33 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-11 10:10 - 2016-04-22 18:33 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-05-11 10:10 - 2016-04-22 18:33 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-11 10:10 - 2016-04-22 18:33 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-11 10:07 - 2016-04-22 18:33 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-11 10:06 - 2016-04-22 18:37 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-23 06:40 - 2016-04-22 18:34 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-23 06:29 - 2015-10-05 13:29 - 00000000 ____D C:\Users\Acer Owner\AppData\Local\Adobe

==================== Files in the root of some directories =======

2016-04-02 08:41 - 2016-04-02 08:41 - 0007602 _____ () C:\Users\Acer Owner\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2016-05-18 07:38

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
Ran by Acer Owner (2016-05-23 09:11:48)
Running from C:\Users\Acer Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-03-25 18:56:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Acer Owner (S-1-5-21-256707101-2596442264-1035872815-1000 - Administrator - Enabled) => C:\Users\Acer Owner
Administrator (S-1-5-21-256707101-2596442264-1035872815-500 - Administrator - Disabled)
Guest (S-1-5-21-256707101-2596442264-1035872815-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.001.0000 - Corel Corporation)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815m.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Google Chrome (HKLM-x32\...\{01EF2457-B546-3A54-8F9A-065EA5221A9C}) (Version: 66.101.32869 - Google, Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version:  - Corel Corporation)
Paradox (x32 Version: 11.4 - Corel Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-256707101-2596442264-1035872815-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-256707101-2596442264-1035872815-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003803FB-952D-4488-9EDD-D7AB6203CB15} - System32\Tasks\{A0317D07-F00C-4A9E-B226-EA883032474A} => pcalua.exe -a "C:\Users\Acer Owner\Desktop\jre-8u91-windows-i586-iftw.exe" -d "C:\Users\Acer Owner\Desktop"
Task: {08BEA3DD-51AD-4EF2-B641-7FF78C831407} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {267BD7A8-BFC0-41F8-A059-77B47D4E95DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {5D4A3ED6-C92C-4DE1-9EF7-484ECCA8DE3F} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {71A834CF-3F8F-4626-A70B-69FDE3010F14} - System32\Tasks\Acer Registration Data Sending => C:\Program Files (x86)\Acer\Registration\GREG.exe [2009-07-31] (Acer Incorporated)
Task: {7E98DD19-668D-47CA-9673-E6152B2F12CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {87111CE7-0280-4567-BC24-A28BD81178D3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-22] (AVAST Software)
Task: {D18CAA4C-A361-48AC-AF73-BCCFE84E5057} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {F345BD9C-83BF-4D68-A429-50E0C54BE130} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-11] (AVAST Software)
Task: {FB51EED6-51F1-4680-95AB-BC67EA980558} - System32\Tasks\SafeZone scheduled Autoupdate 1461364672 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Acer Registration Data Sending.job => C:\Program Files (x86)\Acer\Registration\GREG.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-05 13:35 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2009-07-07 17:09 - 2009-07-07 17:09 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-03-25 14:59 - 2015-03-25 14:59 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-22 08:26 - 2016-05-22 08:26 - 02975840 _____ () C:\Program Files\AVAST Software\Avast\defs\16052200\algo.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-11 10:08 - 2016-05-11 10:08 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-23 09:03 - 2016-05-23 09:03 - 02975840 _____ () C:\Program Files\AVAST Software\Avast\defs\16052300\algo.dll
2016-05-23 08:59 - 2016-05-23 08:59 - 00098816 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32api.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00110080 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\pywintypes27.dll
2016-05-23 08:59 - 2016-05-23 08:59 - 00364544 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\pythoncom27.dll
2016-05-23 08:59 - 2016-05-23 08:59 - 00320512 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32com.shell.shell.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00776704 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_hashlib.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 01176576 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._core_.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 00806400 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._gdi_.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 00816128 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._windows_.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 01067008 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._controls_.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 00733184 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._misc_.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00682496 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\pysqlite2._sqlite.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00088064 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_ctypes.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00119808 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32file.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00108544 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32security.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00007168 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\hashobjs_ext.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00017920 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\thumbnails_ext.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00088064 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\usb_ext.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00167936 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32gui.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00018432 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32event.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00046080 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_socket.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 01208320 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_ssl.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00128512 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_elementtree.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00127488 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\pyexpat.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00012288 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\common.time34.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00038912 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32inet.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00036864 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_psutil_windows.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00525208 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\windows._lib_cacheinvalidation.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00011264 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32crypt.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 00077312 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._html2.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00027136 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_multiprocessing.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00020480 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\_yappi.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00035840 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32process.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00686080 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\unicodedata.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 00078848 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._animate.pyd
2016-05-23 09:00 - 2016-05-23 09:00 - 00123392 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\wx._wizard.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00024064 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32pipe.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00010240 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\select.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00025600 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32pdh.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00017408 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32profile.pyd
2016-05-23 08:59 - 2016-05-23 08:59 - 00022528 ____R () C:\Users\Acer Owner\AppData\Local\Temp\_MEI18082\win32ts.pyd
2016-04-22 18:33 - 2016-04-22 18:33 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-05-13 20:07 - 2016-05-13 20:07 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-01-07 10:29 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256707101-2596442264-1035872815-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77EA6C8F-5739-48FF-B14B-58F7E0DF9DCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2CC16AD-4EA2-4862-849C-5F968A6D4631}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B46768F3-DB4E-45FF-9013-098BE94FBFA3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E2D3D435-0A25-47F5-BCB3-2AEC9EBA0C67}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-05-2016 10:27:33 Scheduled Checkpoint
22-05-2016 08:29:41 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2016 03:57:19 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (05/16/2016 03:24:26 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1704.An installation for Microsoft .NET Framework 4.6.1 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (05/15/2016 05:27:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: wucltux.dll, version: 7.6.7601.19161, time stamp: 0x56be29ef
Exception code: 0xc0000005
Fault offset: 0x000000000007abc4
Faulting process id: 0x5ac
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (05/14/2016 06:57:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6d88f9d5-b5fb-41b8-98f4-dfb1ba695ca7}

Error: (05/13/2016 07:31:58 AM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3960) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (05/13/2016 07:31:58 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3960) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/12/2016 08:43:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {11dcc20f-05a9-48e7-988c-1f9543a6be8e}

Error: (05/12/2016 09:17:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 9.5.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13ac

Start Time: 01d1abe732f541bc

Termination Time: 74

Application Path: C:\Users\Acer Owner\Desktop\FRST64.exe

Report Id:

Error: (05/11/2016 10:33:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mcafee.TrueKey.InstallerService.exe, version: 3.9.142.0, time stamp: 0x5702e1f0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002c7366
Faulting process id: 0x51c
Faulting application start time: 0xMcafee.TrueKey.InstallerService.exe0
Faulting application path: Mcafee.TrueKey.InstallerService.exe1
Faulting module path: Mcafee.TrueKey.InstallerService.exe2
Report Id: Mcafee.TrueKey.InstallerService.exe3

Error: (05/11/2016 10:33:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Mcafee.TrueKey.InstallerService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at Mcafee.TrueKey.InstallerService.InstallerSvc.OnStop()
   at System.ServiceProcess.ServiceBase.DeferredStop()
   at Mcafee.TrueKey.InstallerService.InstallerSvc.RemoveTrueKeyInstaller()
   at Mcafee.TrueKey.InstallerService.InstallerSvc.AutoResetMethod()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (05/23/2016 09:01:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 10 service to connect.

Error: (05/23/2016 08:59:41 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/23/2016 08:59:41 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/22/2016 08:19:20 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/22/2016 08:19:20 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/18/2016 09:47:56 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/18/2016 09:47:56 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/18/2016 09:48:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:45:57 AM on ‎5/‎18/‎2016 was unexpected.

Error: (05/18/2016 09:45:07 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/18/2016 09:45:07 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter


==================== Memory info ===========================

Processor: AMD Athlon™ Processor TF-20
Percentage of memory in use: 39%
Total physical RAM: 3836.05 MB
Available physical RAM: 2304.1 MB
Total Virtual: 7670.29 MB
Available Virtual: 5792.64 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:45.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: A79E6F45)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#33
zep516
Posted 24 May 2016 - 01:31 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

I see signs of Combofix, lets remove it.

Uninstall Combofix
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

    Let me know when that is done.

  • 0

#34
John Aukerman
Posted 25 May 2016 - 03:57 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

ComboFix /Uninstall  is done


  • 0

#35
zep516
Posted 25 May 2016 - 06:57 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
The following procedures will implement some cleanup procedures to remove these tools we used. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#36
John Aukerman
Posted 25 May 2016 - 10:02 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

# DelFix v1.013 - Logfile created 25/05/2016 at 11:58:50
# Updated 17/04/2016 by Xplode
# Username : Acer Owner - ASPIRE-5517
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\32788R22FWJFW
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Acer Owner\Desktop\FRST-OlderVersion
Deleted : C:\Users\Acer Owner\Desktop\adwcleaner_5.116.exe
Deleted : C:\Users\Acer Owner\Desktop\FRST64.exe
Deleted : C:\Users\Acer Owner\Desktop\JRT.exe
Deleted : HKLM\SOFTWARE\Swearware

~ Cleaning system restore ...

Deleted : RP #95 [Scheduled Checkpoint | 05/18/2016 14:27:33]
Deleted : RP #96 [Windows Update | 05/22/2016 12:29:41]
Deleted : RP #97 [ComboFix created restore point | 05/25/2016 09:57:20]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#37
zep516
Posted 25 May 2016 - 06:45 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Sorry for slow replies, I have neck an shoulder pain as a direct result from being on the computer.

Download Security Check by screen317 from http://www.geekstogo...d/securitycheck
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • 0

#38
John Aukerman
Posted 26 May 2016 - 04:37 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

I clicked the link twice, and each time got a screen that says Sorry we couldn't find that!


  • 0

#39
zep516
Posted 26 May 2016 - 06:11 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Funny link is ok for me. Try this one

http://www.bleepingc.../securitycheck/
  • 0

#40
John Aukerman
Posted 26 May 2016 - 04:02 PM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

  Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 21.0.0.242  
 Mozilla Firefox (46.0.1)
 Google Chrome (49.0.2623.112)
 Google Chrome (50.0.2661.102)
 Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


  • 0

Advertisements

#41
zep516
Posted 26 May 2016 - 04:27 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)

Can you re-in able-> On access scanning for Avast, everything else seems fine.
  • 0

#42
John Aukerman
Posted 27 May 2016 - 04:25 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

Avast says all scanning is active. I can't find "On Access Scanning" in the controls.


  • 0

#43
John Aukerman
Posted 27 May 2016 - 04:29 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

It's running slow again. Task manager is showing high CPU usage, with only Mozilla Firefox running. It fluctuates between 53% and 100%.


  • 0

#44
zep516
Posted 27 May 2016 - 06:36 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
  • Open an elevated command prompt by right clicking on the command prompt and choosing Run as administrator.
  • In the elevated command prompt, type sfc /scannow and press Enter. Please note the space between sfc /
  • This may take a little bit of time to finish so your patience will be needed.
  • When the scan is complete, open another elevated command prompt and copy and paste the following command, then press Enter.

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

    This will place a sfcdetails.txt file on your desktop with only the SFC scan result details from the CBS.LOG in it.
    Please copy and paste the results in your next reply.

  • 0

#45
John Aukerman
Posted 27 May 2016 - 08:30 AM

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 284 posts

2016-05-27 09:04:37, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:04:37, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-05-27 09:04:40, Info                  CSI    0000000c [SR] Verify complete
2016-05-27 09:04:41, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:04:41, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2016-05-27 09:04:44, Info                  CSI    00000010 [SR] Verify complete
2016-05-27 09:04:46, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:04:46, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2016-05-27 09:04:48, Info                  CSI    00000014 [SR] Verify complete
2016-05-27 09:04:50, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:04:50, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2016-05-27 09:04:52, Info                  CSI    00000018 [SR] Verify complete
2016-05-27 09:04:53, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:04:53, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2016-05-27 09:04:56, Info                  CSI    0000001c [SR] Verify complete
2016-05-27 09:04:57, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:04:57, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:00, Info                  CSI    00000020 [SR] Verify complete
2016-05-27 09:05:01, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:01, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:03, Info                  CSI    00000024 [SR] Verify complete
2016-05-27 09:05:04, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:04, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:07, Info                  CSI    00000028 [SR] Verify complete
2016-05-27 09:05:08, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:08, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:11, Info                  CSI    0000002c [SR] Verify complete
2016-05-27 09:05:12, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:12, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:14, Info                  CSI    00000030 [SR] Verify complete
2016-05-27 09:05:16, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:16, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:18, Info                  CSI    00000034 [SR] Verify complete
2016-05-27 09:05:19, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:19, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:21, Info                  CSI    00000038 [SR] Verify complete
2016-05-27 09:05:22, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:22, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:26, Info                  CSI    0000003c [SR] Verify complete
2016-05-27 09:05:27, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:27, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:31, Info                  CSI    00000040 [SR] Verify complete
2016-05-27 09:05:32, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:32, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:35, Info                  CSI    00000044 [SR] Verify complete
2016-05-27 09:05:36, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:36, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:39, Info                  CSI    00000048 [SR] Verify complete
2016-05-27 09:05:40, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:40, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:43, Info                  CSI    0000004c [SR] Verify complete
2016-05-27 09:05:44, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:44, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:47, Info                  CSI    00000050 [SR] Verify complete
2016-05-27 09:05:48, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:48, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:51, Info                  CSI    00000054 [SR] Verify complete
2016-05-27 09:05:52, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:52, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2016-05-27 09:05:54, Info                  CSI    00000058 [SR] Verify complete
2016-05-27 09:05:55, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:05:55, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:00, Info                  CSI    0000005c [SR] Verify complete
2016-05-27 09:06:01, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:01, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:06, Info                  CSI    00000060 [SR] Verify complete
2016-05-27 09:06:07, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:07, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:10, Info                  CSI    00000064 [SR] Verify complete
2016-05-27 09:06:11, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:11, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:17, Info                  CSI    00000068 [SR] Verify complete
2016-05-27 09:06:18, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:18, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:26, Info                  CSI    0000006c [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:18{9}]"aeinv.mof" from store
2016-05-27 09:06:28, Info                  CSI    0000006e [SR] Verify complete
2016-05-27 09:06:29, Info                  CSI    0000006f [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:29, Info                  CSI    00000070 [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:36, Info                  CSI    00000075 [SR] Verify complete
2016-05-27 09:06:36, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:36, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:43, Info                  CSI    0000007a [SR] Verify complete
2016-05-27 09:06:44, Info                  CSI    0000007b [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:44, Info                  CSI    0000007c [SR] Beginning Verify and Repair transaction
2016-05-27 09:06:51, Info                  CSI    0000007e [SR] Verify complete
2016-05-27 09:06:52, Info                  CSI    0000007f [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:06:52, Info                  CSI    00000080 [SR] Beginning Verify and Repair transaction
2016-05-27 09:07:04, Info                  CSI    000000a2 [SR] Verify complete
2016-05-27 09:07:05, Info                  CSI    000000a3 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:07:05, Info                  CSI    000000a4 [SR] Beginning Verify and Repair transaction
2016-05-27 09:07:12, Info                  CSI    000000a9 [SR] Verify complete
2016-05-27 09:07:13, Info                  CSI    000000aa [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:07:13, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
2016-05-27 09:07:22, Info                  CSI    000000ad [SR] Verify complete
2016-05-27 09:07:23, Info                  CSI    000000ae [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:07:23, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2016-05-27 09:07:29, Info                  CSI    000000b1 [SR] Verify complete
2016-05-27 09:07:30, Info                  CSI    000000b2 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:07:30, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2016-05-27 09:07:38, Info                  CSI    000000b5 [SR] Verify complete
2016-05-27 09:07:38, Info                  CSI    000000b6 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:07:38, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2016-05-27 09:07:45, Info                  CSI    000000b9 [SR] Verify complete
2016-05-27 09:07:46, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:07:46, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2016-05-27 09:07:54, Info                  CSI    000000bd [SR] Verify complete
2016-05-27 09:07:55, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:07:55, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2016-05-27 09:08:07, Info                  CSI    000000e2 [SR] Verify complete
2016-05-27 09:08:08, Info                  CSI    000000e3 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:08:08, Info                  CSI    000000e4 [SR] Beginning Verify and Repair transaction
2016-05-27 09:08:18, Info                  CSI    000000e6 [SR] Verify complete
2016-05-27 09:08:19, Info                  CSI    000000e7 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:08:19, Info                  CSI    000000e8 [SR] Beginning Verify and Repair transaction
2016-05-27 09:08:37, Info                  CSI    000000ea [SR] Verify complete
2016-05-27 09:08:38, Info                  CSI    000000eb [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:08:38, Info                  CSI    000000ec [SR] Beginning Verify and Repair transaction
2016-05-27 09:08:47, Info                  CSI    000000f0 [SR] Verify complete
2016-05-27 09:08:48, Info                  CSI    000000f1 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:08:48, Info                  CSI    000000f2 [SR] Beginning Verify and Repair transaction
2016-05-27 09:08:50, Info                  CSI    000000f4 [SR] Verify complete
2016-05-27 09:08:51, Info                  CSI    000000f5 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:08:51, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2016-05-27 09:08:53, Info                  CSI    000000f8 [SR] Verify complete
2016-05-27 09:08:54, Info                  CSI    000000f9 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:08:54, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:03, Info                  CSI    000000ff [SR] Verify complete
2016-05-27 09:09:04, Info                  CSI    00000100 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:04, Info                  CSI    00000101 [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:12, Info                  CSI    00000111 [SR] Verify complete
2016-05-27 09:09:12, Info                  CSI    00000112 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:12, Info                  CSI    00000113 [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:16, Info                  CSI    00000115 [SR] Verify complete
2016-05-27 09:09:16, Info                  CSI    00000116 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:16, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:21, Info                  CSI    00000119 [SR] Verify complete
2016-05-27 09:09:22, Info                  CSI    0000011a [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:22, Info                  CSI    0000011b [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:26, Info                  CSI    0000011d [SR] Verify complete
2016-05-27 09:09:27, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:27, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:38, Info                  CSI    00000122 [SR] Verify complete
2016-05-27 09:09:38, Info                  CSI    00000123 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:38, Info                  CSI    00000124 [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:49, Info                  CSI    00000127 [SR] Verify complete
2016-05-27 09:09:49, Info                  CSI    00000128 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:49, Info                  CSI    00000129 [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:53, Info                  CSI    0000012b [SR] Verify complete
2016-05-27 09:09:53, Info                  CSI    0000012c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:53, Info                  CSI    0000012d [SR] Beginning Verify and Repair transaction
2016-05-27 09:09:56, Info                  CSI    0000012f [SR] Verify complete
2016-05-27 09:09:57, Info                  CSI    00000130 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:09:57, Info                  CSI    00000131 [SR] Beginning Verify and Repair transaction
2016-05-27 09:10:08, Info                  CSI    00000133 [SR] Verify complete
2016-05-27 09:10:09, Info                  CSI    00000134 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:10:09, Info                  CSI    00000135 [SR] Beginning Verify and Repair transaction
2016-05-27 09:10:18, Info                  CSI    00000137 [SR] Verify complete
2016-05-27 09:10:18, Info                  CSI    00000138 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:10:18, Info                  CSI    00000139 [SR] Beginning Verify and Repair transaction
2016-05-27 09:10:29, Info                  CSI    0000013b [SR] Verify complete
2016-05-27 09:10:30, Info                  CSI    0000013c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:10:30, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2016-05-27 09:10:45, Info                  CSI    00000155 [SR] Verify complete
2016-05-27 09:10:46, Info                  CSI    00000156 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:10:46, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
2016-05-27 09:10:54, Info                  CSI    00000159 [SR] Verify complete
2016-05-27 09:10:55, Info                  CSI    0000015a [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:10:55, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
2016-05-27 09:11:16, Info                  CSI    0000015d [SR] Verify complete
2016-05-27 09:11:16, Info                  CSI    0000015e [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:11:16, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2016-05-27 09:11:30, Info                  CSI    00000162 [SR] Verify complete
2016-05-27 09:11:32, Info                  CSI    00000163 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:11:32, Info                  CSI    00000164 [SR] Beginning Verify and Repair transaction
2016-05-27 09:11:41, Info                  CSI    00000166 [SR] Verify complete
2016-05-27 09:11:41, Info                  CSI    00000167 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:11:41, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
2016-05-27 09:11:51, Info                  CSI    0000016a [SR] Verify complete
2016-05-27 09:11:53, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:11:53, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
2016-05-27 09:12:01, Info                  CSI    0000016e [SR] Verify complete
2016-05-27 09:12:02, Info                  CSI    0000016f [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:12:02, Info                  CSI    00000170 [SR] Beginning Verify and Repair transaction
2016-05-27 09:12:07, Info                  CSI    00000172 [SR] Verify complete
2016-05-27 09:12:08, Info                  CSI    00000173 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:12:08, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2016-05-27 09:12:15, Info                  CSI    00000178 [SR] Verify complete
2016-05-27 09:12:15, Info                  CSI    00000179 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:12:15, Info                  CSI    0000017a [SR] Beginning Verify and Repair transaction
2016-05-27 09:12:35, Info                  CSI    0000017c [SR] Verify complete
2016-05-27 09:12:36, Info                  CSI    0000017d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:12:36, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2016-05-27 09:12:47, Info                  CSI    00000181 [SR] Verify complete
2016-05-27 09:12:48, Info                  CSI    00000182 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:12:48, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2016-05-27 09:12:54, Info                  CSI    00000185 [SR] Verify complete
2016-05-27 09:12:55, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:12:55, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2016-05-27 09:13:03, Info                  CSI    0000018a [SR] Verify complete
2016-05-27 09:13:04, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:13:04, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2016-05-27 09:13:22, Info                  CSI    0000018f [SR] Verify complete
2016-05-27 09:13:22, Info                  CSI    00000190 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:13:22, Info                  CSI    00000191 [SR] Beginning Verify and Repair transaction
2016-05-27 09:13:30, Info                  CSI    00000193 [SR] Verify complete
2016-05-27 09:13:30, Info                  CSI    00000194 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:13:30, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2016-05-27 09:13:37, Info                  CSI    00000197 [SR] Verify complete
2016-05-27 09:13:38, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:13:38, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2016-05-27 09:13:45, Info                  CSI    0000019b [SR] Verify complete
2016-05-27 09:13:45, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:13:45, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2016-05-27 09:13:56, Info                  CSI    000001a0 [SR] Verify complete
2016-05-27 09:13:56, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:13:56, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2016-05-27 09:14:03, Info                  CSI    000001a5 [SR] Verify complete
2016-05-27 09:14:03, Info                  CSI    000001a6 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:14:03, Info                  CSI    000001a7 [SR] Beginning Verify and Repair transaction
2016-05-27 09:14:09, Info                  CSI    000001a9 [SR] Verify complete
2016-05-27 09:14:10, Info                  CSI    000001aa [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:14:10, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
2016-05-27 09:14:18, Info                  CSI    000001ae [SR] Verify complete
2016-05-27 09:14:19, Info                  CSI    000001af [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:14:19, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2016-05-27 09:14:28, Info                  CSI    000001b4 [SR] Verify complete
2016-05-27 09:14:29, Info                  CSI    000001b5 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:14:29, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2016-05-27 09:14:38, Info                  CSI    000001b8 [SR] Verify complete
2016-05-27 09:14:39, Info                  CSI    000001b9 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:14:39, Info                  CSI    000001ba [SR] Beginning Verify and Repair transaction
2016-05-27 09:14:48, Info                  CSI    000001bd [SR] Verify complete
2016-05-27 09:14:49, Info                  CSI    000001be [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:14:49, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
2016-05-27 09:14:59, Info                  CSI    000001c1 [SR] Verify complete
2016-05-27 09:15:00, Info                  CSI    000001c2 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:15:00, Info                  CSI    000001c3 [SR] Beginning Verify and Repair transaction
2016-05-27 09:15:04, Info                  CSI    000001c5 [SR] Verify complete
2016-05-27 09:15:04, Info                  CSI    000001c6 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:15:04, Info                  CSI    000001c7 [SR] Beginning Verify and Repair transaction
2016-05-27 09:15:14, Info                  CSI    000001c9 [SR] Verify complete
2016-05-27 09:15:15, Info                  CSI    000001ca [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:15:15, Info                  CSI    000001cb [SR] Beginning Verify and Repair transaction
2016-05-27 09:15:21, Info                  CSI    000001cd [SR] Verify complete
2016-05-27 09:15:22, Info                  CSI    000001ce [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:15:22, Info                  CSI    000001cf [SR] Beginning Verify and Repair transaction
2016-05-27 09:15:31, Info                  CSI    000001d1 [SR] Verify complete
2016-05-27 09:15:32, Info                  CSI    000001d2 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:15:32, Info                  CSI    000001d3 [SR] Beginning Verify and Repair transaction
2016-05-27 09:15:38, Info                  CSI    000001d5 [SR] Verify complete
2016-05-27 09:15:39, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:15:39, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
2016-05-27 09:15:44, Info                  CSI    000001d9 [SR] Verify complete
2016-05-27 09:15:44, Info                  CSI    000001da [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:15:44, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
2016-05-27 09:16:01, Info                  CSI    000001dd [SR] Verify complete
2016-05-27 09:16:02, Info                  CSI    000001de [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:16:02, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
2016-05-27 09:16:35, Info                  CSI    000001e1 [SR] Verify complete
2016-05-27 09:16:36, Info                  CSI    000001e2 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:16:36, Info                  CSI    000001e3 [SR] Beginning Verify and Repair transaction
2016-05-27 09:16:45, Info                  CSI    000001e5 [SR] Verify complete
2016-05-27 09:16:46, Info                  CSI    000001e6 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:16:46, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
2016-05-27 09:16:56, Info                  CSI    000001e9 [SR] Verify complete
2016-05-27 09:16:56, Info                  CSI    000001ea [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:16:56, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2016-05-27 09:16:59, Info                  CSI    000001ed [SR] Verify complete
2016-05-27 09:16:59, Info                  CSI    000001ee [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:16:59, Info                  CSI    000001ef [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:06, Info                  CSI    000001f1 [SR] Verify complete
2016-05-27 09:17:07, Info                  CSI    000001f2 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:07, Info                  CSI    000001f3 [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:13, Info                  CSI    000001f5 [SR] Verify complete
2016-05-27 09:17:13, Info                  CSI    000001f6 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:13, Info                  CSI    000001f7 [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:18, Info                  CSI    000001f9 [SR] Verify complete
2016-05-27 09:17:19, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:19, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:20, Info                  CSI    000001fd [SR] Verify complete
2016-05-27 09:17:21, Info                  CSI    000001fe [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:21, Info                  CSI    000001ff [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:27, Info                  CSI    00000207 [SR] Verify complete
2016-05-27 09:17:28, Info                  CSI    00000208 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:28, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:33, Info                  CSI    0000020b [SR] Verify complete
2016-05-27 09:17:34, Info                  CSI    0000020c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:34, Info                  CSI    0000020d [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:39, Info                  CSI    0000020f [SR] Verify complete
2016-05-27 09:17:40, Info                  CSI    00000210 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:40, Info                  CSI    00000211 [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:44, Info                  CSI    00000213 [SR] Verify complete
2016-05-27 09:17:45, Info                  CSI    00000214 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:45, Info                  CSI    00000215 [SR] Beginning Verify and Repair transaction
2016-05-27 09:17:52, Info                  CSI    00000217 [SR] Verify complete
2016-05-27 09:17:53, Info                  CSI    00000218 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:17:53, Info                  CSI    00000219 [SR] Beginning Verify and Repair transaction
2016-05-27 09:18:02, Info                  CSI    0000021c [SR] Verify complete
2016-05-27 09:18:02, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:18:02, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
2016-05-27 09:18:09, Info                  CSI    00000220 [SR] Verify complete
2016-05-27 09:18:10, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:18:10, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
2016-05-27 09:18:13, Info                  CSI    00000224 [SR] Verify complete
2016-05-27 09:18:13, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:18:13, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
2016-05-27 09:18:24, Info                  CSI    00000229 [SR] Verify complete
2016-05-27 09:18:25, Info                  CSI    0000022a [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:18:25, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
2016-05-27 09:18:40, Info                  CSI    0000022f [SR] Verify complete
2016-05-27 09:18:41, Info                  CSI    00000230 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:18:41, Info                  CSI    00000231 [SR] Beginning Verify and Repair transaction
2016-05-27 09:18:51, Info                  CSI    00000236 [SR] Verify complete
2016-05-27 09:18:52, Info                  CSI    00000237 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:18:52, Info                  CSI    00000238 [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:02, Info                  CSI    0000023e [SR] Verify complete
2016-05-27 09:19:03, Info                  CSI    0000023f [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:19:03, Info                  CSI    00000240 [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:13, Info                  CSI    0000024b [SR] Verify complete
2016-05-27 09:19:14, Info                  CSI    0000024c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:19:14, Info                  CSI    0000024d [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:21, Info                  CSI    00000252 [SR] Verify complete
2016-05-27 09:19:22, Info                  CSI    00000253 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:19:22, Info                  CSI    00000254 [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:28, Info                  CSI    00000258 [SR] Verify complete
2016-05-27 09:19:30, Info                  CSI    00000259 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:19:30, Info                  CSI    0000025a [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:37, Info                  CSI    0000025c [SR] Verify complete
2016-05-27 09:19:38, Info                  CSI    0000025d [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:19:38, Info                  CSI    0000025e [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:46, Info                  CSI    0000027b [SR] Verify complete
2016-05-27 09:19:47, Info                  CSI    0000027c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:19:47, Info                  CSI    0000027d [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:53, Info                  CSI    00000287 [SR] Verify complete
2016-05-27 09:19:53, Info                  CSI    00000288 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:19:53, Info                  CSI    00000289 [SR] Beginning Verify and Repair transaction
2016-05-27 09:19:59, Info                  CSI    0000028b [SR] Verify complete
2016-05-27 09:20:00, Info                  CSI    0000028c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:00, Info                  CSI    0000028d [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:07, Info                  CSI    0000028f [SR] Verify complete
2016-05-27 09:20:08, Info                  CSI    00000290 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:08, Info                  CSI    00000291 [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:11, Info                  CSI    00000293 [SR] Verify complete
2016-05-27 09:20:12, Info                  CSI    00000294 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:12, Info                  CSI    00000295 [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:18, Info                  CSI    000002a3 [SR] Verify complete
2016-05-27 09:20:18, Info                  CSI    000002a4 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:18, Info                  CSI    000002a5 [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:27, Info                  CSI    000002ab [SR] Verify complete
2016-05-27 09:20:28, Info                  CSI    000002ac [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:28, Info                  CSI    000002ad [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:35, Info                  CSI    000002b7 [SR] Verify complete
2016-05-27 09:20:36, Info                  CSI    000002b8 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:36, Info                  CSI    000002b9 [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:38, Info                  CSI    000002bb [SR] Verify complete
2016-05-27 09:20:39, Info                  CSI    000002bc [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:39, Info                  CSI    000002bd [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:48, Info                  CSI    000002c0 [SR] Verify complete
2016-05-27 09:20:49, Info                  CSI    000002c1 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:49, Info                  CSI    000002c2 [SR] Beginning Verify and Repair transaction
2016-05-27 09:20:51, Info                  CSI    000002c4 [SR] Verify complete
2016-05-27 09:20:52, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:20:52, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
2016-05-27 09:21:00, Info                  CSI    000002c8 [SR] Verify complete
2016-05-27 09:21:01, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:21:01, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
2016-05-27 09:21:09, Info                  CSI    000002cc [SR] Verify complete
2016-05-27 09:21:09, Info                  CSI    000002cd [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:21:09, Info                  CSI    000002ce [SR] Beginning Verify and Repair transaction
2016-05-27 09:21:15, Info                  CSI    000002d0 [SR] Verify complete
2016-05-27 09:21:15, Info                  CSI    000002d1 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:21:15, Info                  CSI    000002d2 [SR] Beginning Verify and Repair transaction
2016-05-27 09:21:27, Info                  CSI    000002ec [SR] Verify complete
2016-05-27 09:21:27, Info                  CSI    000002ed [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:21:27, Info                  CSI    000002ee [SR] Beginning Verify and Repair transaction
2016-05-27 09:21:49, Info                  CSI    000002f0 [SR] Verify complete
2016-05-27 09:21:49, Info                  CSI    000002f1 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:21:49, Info                  CSI    000002f2 [SR] Beginning Verify and Repair transaction
2016-05-27 09:21:55, Info                  CSI    000002f4 [SR] Verify complete
2016-05-27 09:21:56, Info                  CSI    000002f5 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:21:56, Info                  CSI    000002f6 [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:01, Info                  CSI    000002f8 [SR] Verify complete
2016-05-27 09:22:01, Info                  CSI    000002f9 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:01, Info                  CSI    000002fa [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:05, Info                  CSI    000002fe [SR] Verify complete
2016-05-27 09:22:06, Info                  CSI    000002ff [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:06, Info                  CSI    00000300 [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:11, Info                  CSI    00000302 [SR] Verify complete
2016-05-27 09:22:12, Info                  CSI    00000303 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:12, Info                  CSI    00000304 [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:17, Info                  CSI    00000306 [SR] Verify complete
2016-05-27 09:22:18, Info                  CSI    00000307 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:18, Info                  CSI    00000308 [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:23, Info                  CSI    0000030a [SR] Verify complete
2016-05-27 09:22:24, Info                  CSI    0000030b [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:24, Info                  CSI    0000030c [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:30, Info                  CSI    0000030f [SR] Verify complete
2016-05-27 09:22:31, Info                  CSI    00000310 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:31, Info                  CSI    00000311 [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:36, Info                  CSI    00000313 [SR] Verify complete
2016-05-27 09:22:36, Info                  CSI    00000314 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:36, Info                  CSI    00000315 [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:42, Info                  CSI    00000317 [SR] Verify complete
2016-05-27 09:22:42, Info                  CSI    00000318 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:42, Info                  CSI    00000319 [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:48, Info                  CSI    0000031b [SR] Verify complete
2016-05-27 09:22:49, Info                  CSI    0000031c [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:49, Info                  CSI    0000031d [SR] Beginning Verify and Repair transaction
2016-05-27 09:22:54, Info                  CSI    00000320 [SR] Verify complete
2016-05-27 09:22:55, Info                  CSI    00000321 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:22:55, Info                  CSI    00000322 [SR] Beginning Verify and Repair transaction
2016-05-27 09:23:01, Info                  CSI    00000324 [SR] Verify complete
2016-05-27 09:23:02, Info                  CSI    00000325 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:23:02, Info                  CSI    00000326 [SR] Beginning Verify and Repair transaction
2016-05-27 09:23:09, Info                  CSI    00000328 [SR] Verify complete
2016-05-27 09:23:09, Info                  CSI    00000329 [SR] Verifying 100 (0x0000000000000064) components
2016-05-27 09:23:09, Info                  CSI    0000032a [SR] Beginning Verify and Repair transaction
2016-05-27 09:23:15, Info                  CSI    0000032c [SR] Verify complete
2016-05-27 09:23:16, Info                  CSI    0000032d [SR] Verifying 90 (0x000000000000005a) components
2016-05-27 09:23:16, Info                  CSI    0000032e [SR] Beginning Verify and Repair transaction
2016-05-27 09:23:21, Info                  CSI    00000330 [SR] Verify complete
2016-05-27 09:23:21, Info                  CSI    00000331 [SR] Repairing 1 components
2016-05-27 09:23:21, Info                  CSI    00000332 [SR] Beginning Verify and Repair transaction
2016-05-27 09:23:22, Info                  CSI    00000333 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:18{9}]"aeinv.mof" from store
2016-05-27 09:23:22, Info                  CSI    00000335 [SR] Repair complete
2016-05-27 09:23:22, Info                  CSI    00000336 [SR] Committing transaction
2016-05-27 09:23:22, Info                  CSI    0000033a [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 

 

CPU usage is low again.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP