High Memory Usage (1.5GB) from svchost.exe (netsvc) [Solved]


#1
Grubox


Hello!

I would like to ask for your help in determining if there is malware on my machine.

The only problem I have (which I have just experienced right now) is unusual laggy response by my computer (Win 7 64 bit) which I was not experiencing before.

I checked Task Manager and saw that memory usage of svchost.exe (netsvc) was very high (see attached screenshot, high mem usage.png).

FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Don (administrator) on DONASUS (07-07-2016 22:22:18)
Running from C:\Users\Don\Desktop
Loaded Profiles: Don (Available Profiles: Don & Don&Ginnie)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BitTorrent Inc.) C:\Users\Don\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BitTorrent Inc.) C:\Users\Don\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Don\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Slack Technologies) C:\Users\Don\AppData\Local\slack\app-2.1.0\slack.exe
(Slack Technologies) C:\Users\Don\AppData\Local\slack\app-2.1.0\slack.exe
(Slack Technologies) C:\Users\Don\AppData\Local\slack\app-2.1.0\slack.exe
(Slack Technologies) C:\Users\Don\AppData\Local\slack\app-2.1.0\slack.exe
(Slack Technologies) C:\Users\Don\AppData\Local\slack\app-2.1.0\slack.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Slack Technologies) C:\Users\Don\AppData\Local\slack\app-2.1.0\slack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-24] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1416814142-2601355591-1518902895-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-1416814142-2601355591-1518902895-1000\...\Run: [uTorrent] => C:\Users\Don\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-07-07] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-06-21]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-06-21]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9959C1E-760E-432D-AADF-B1A15B3F0B3C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-02-17] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2016-02-17] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office16\URLREDIR.DLL => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL => No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-17] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-17] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wxn0x88b.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-19] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-06-20] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2016-02-17] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-06-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-02-17] (Microsoft Corporation)
FF Extension: Xmarks - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wxn0x88b.default\extensions\[email protected] [2016-06-24]
FF Extension: Firebug - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wxn0x88b.default\Extensions\[email protected] [2016-06-28]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://www.google.com","hxxp://www.google.com/"
CHR Profile: C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-24]
CHR Extension: (oTranscribe) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcepnaeajjgbbagpgaihnljdadhhibb [2016-06-24]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-06-24]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2016-06-24]
CHR Extension: (Google Docs) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-24]
CHR Extension: (Google Drive) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-24]
CHR Extension: (YouTube) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-24]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2016-06-24]
CHR Extension: (Google Sheets) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-28]
CHR Extension: (AdBlock) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-06-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24]
CHR Extension: (Gmail) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-24]
CHR Extension: (Chrome Media Router) - C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-28]
CHR HKU\S-1-5-21-1416814142-2601355591-1518902895-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-04-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-01-08] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 22:22 - 2016-07-07 22:22 - 00015483 _____ C:\Users\Don\Desktop\FRST.txt
2016-07-07 22:20 - 2016-07-07 22:22 - 00000000 ____D C:\FRST
2016-07-07 22:19 - 2016-07-07 22:20 - 02390016 _____ (Farbar) C:\Users\Don\Desktop\FRST64.exe
2016-07-07 22:07 - 2016-07-07 22:11 - 00007609 _____ C:\Users\Don\AppData\Local\Resmon.ResmonCfg
2016-07-07 20:56 - 2016-07-07 22:09 - 00000000 ____D C:\Users\Don\AppData\LocalLow\uTorrent
2016-07-07 12:56 - 2016-07-07 12:56 - 00000000 ____D C:\Windows\en
2016-07-07 12:55 - 2016-07-07 12:55 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-07-07 12:55 - 2016-07-07 12:55 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-07-07 12:52 - 2016-07-07 12:52 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-07-07 12:49 - 2016-07-07 12:52 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-07-07 12:48 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-07-07 12:48 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-07-07 12:48 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-07-07 12:48 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-07-07 12:48 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-07-07 12:48 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-07-07 12:48 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-07-07 12:48 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-07-07 12:47 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-07-07 12:47 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-07-07 12:47 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-07-07 12:47 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-07-07 12:44 - 2016-07-07 12:56 - 00000000 ____D C:\Users\Don\AppData\Local\Windows Live
2016-07-06 10:51 - 2016-07-06 13:18 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Roaming\foobar2000
2016-07-05 09:28 - 2016-07-05 09:28 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Roaming\Macromedia
2016-07-05 09:28 - 2016-07-05 09:28 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Local\Macromedia
2016-07-04 20:28 - 2016-07-07 20:56 - 00000000 ____D C:\Windows\Minidump
2016-07-04 20:27 - 2016-07-07 20:55 - 465521765 _____ C:\Windows\MEMORY.DMP
2016-06-29 23:16 - 2016-06-29 23:17 - 00000000 ____D C:\Users\Don&Ginnie\Desktop\J7 Pics
2016-06-29 22:18 - 2016-07-06 09:56 - 00000000 ____D C:\Users\Don&Ginnie\Desktop\Honeymoon Pics
2016-06-29 22:09 - 2016-06-29 22:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-06-28 20:11 - 2016-07-07 22:09 - 00000000 ___SD C:\Users\Don\AppData\LocalLow\Temp
2016-06-28 20:11 - 2016-06-28 20:11 - 00000791 _____ C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-06-28 20:08 - 2016-07-07 22:19 - 00000000 ____D C:\Users\Don\AppData\Roaming\uTorrent
2016-06-28 16:39 - 2016-07-05 11:14 - 00000000 ____D C:\Users\Don\Documents\REAPER Media
2016-06-26 11:53 - 2016-06-26 11:53 - 00000000 ____D C:\Windows\pss
2016-06-26 11:45 - 2016-07-07 15:47 - 00000000 ____D C:\Users\Don\AppData\Roaming\foobar2000
2016-06-26 11:44 - 2016-06-27 09:47 - 00000000 ____D C:\Program Files (x86)\foobar2000
2016-06-26 11:44 - 2016-06-26 11:44 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2016-06-26 11:42 - 2016-06-26 11:42 - 00000000 ____D C:\Users\Don\AppData\Roaming\Notepad++
2016-06-25 17:00 - 2016-06-25 17:00 - 00000000 ____D C:\Users\Don\Documents\Custom Office Templates
2016-06-25 15:28 - 2016-07-05 11:57 - 00000000 ____D C:\Users\Don\AppData\Local\CrashDumps
2016-06-25 09:42 - 2016-06-25 15:28 - 00000600 _____ C:\Users\Don\AppData\Roaming\PUTTY.RND
2016-06-25 02:04 - 2016-06-25 02:04 - 00001163 _____ C:\Users\Don&Ginnie\Desktop\Mozilla Firefox.lnk
2016-06-25 01:41 - 2016-06-25 01:41 - 00000000 ____D C:\Users\Don\Tracing
2016-06-25 01:40 - 2016-07-01 13:00 - 00000000 ____D C:\Users\Don\AppData\Roaming\Skype
2016-06-25 01:40 - 2016-06-25 02:02 - 00000000 ____D C:\ProgramData\Skype
2016-06-25 01:40 - 2016-06-25 01:40 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-25 01:40 - 2016-06-25 01:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-25 01:40 - 2016-06-25 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-25 00:05 - 2016-06-26 11:42 - 00000000 ____D C:\Program Files (x86)\Sublime Text Build 3114 x64 - portable
2016-06-25 00:04 - 2016-06-26 11:41 - 00000000 ____D C:\Program Files (x86)\npp.6.9.2.bin.minimalist - portable
2016-06-24 23:57 - 2016-06-25 15:57 - 00000000 ____D C:\Users\Don\AppData\Roaming\FileZilla
2016-06-24 23:57 - 2016-06-24 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-06-24 23:57 - 2016-06-24 23:57 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-06-24 22:26 - 2016-06-26 08:07 - 00000000 ____D C:\Users\Don\AppData\Local\Spotify
2016-06-24 22:26 - 2016-06-24 22:26 - 00001743 _____ C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-06-24 22:10 - 2016-06-26 08:12 - 00000000 ____D C:\Users\Don\AppData\Roaming\Spotify
2016-06-24 20:02 - 2016-06-24 20:02 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-24 20:02 - 2016-06-24 20:02 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-24 19:36 - 2016-07-01 18:49 - 00000600 _____ C:\Users\Don\AppData\Local\PUTTY.RND
2016-06-24 19:12 - 2016-06-24 19:12 - 00002406 _____ C:\Users\Don\Desktop\Skype for Business 2015.lnk
2016-06-24 19:08 - 2016-06-24 19:08 - 00002857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-06-24 19:08 - 2016-06-24 19:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-06-24 19:07 - 2016-06-24 19:07 - 00000000 ____D C:\Windows\PCHEALTH
2016-06-24 19:07 - 2016-06-24 19:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-24 19:06 - 2016-06-24 19:06 - 00000000 ____D C:\Users\Don\AppData\Local\Microsoft Help
2016-06-24 18:38 - 2015-07-18 21:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-06-24 18:38 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-06-24 12:57 - 2016-06-24 12:59 - 03482304 _____ (Microsoft Corporation) C:\Users\Don\Downloads\Setup.X86.en-US_O365ProPlusRetail_08f49607-c0cf-4c2f-9295-3156e7e4d48e_TX_PR_b_64_.exe
2016-06-23 19:24 - 2016-06-23 19:24 - 00000000 ____D C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-06-23 11:51 - 2016-06-23 11:51 - 00000000 ____D C:\Users\Don\AppData\LocalLow\Adobe
2016-06-23 11:51 - 2016-06-23 11:51 - 00000000 ____D C:\Users\Don\AppData\Local\CEF
2016-06-23 10:55 - 2016-06-23 10:55 - 00000000 ____D C:\Users\Don\AppData\Roaming\Vitzo
2016-06-22 19:51 - 2016-06-22 19:51 - 00000355 _____ C:\Users\Don&Ginnie\Desktop\Computer.lnk
2016-06-22 19:43 - 2016-06-22 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-06-22 19:43 - 2016-06-22 19:43 - 00000000 ____D C:\Program Files (x86)\PowerISO
2016-06-22 19:43 - 2008-01-20 16:06 - 00057776 _____ (PowerISO Computing, Inc.) C:\Windows\system32\Drivers\scdemu.sys
2016-06-21 18:23 - 2016-07-07 12:25 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Roaming\stickies
2016-06-21 18:23 - 2016-07-06 10:46 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Local\Google
2016-06-21 16:56 - 2016-06-21 16:56 - 00000000 ____D C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2016-06-21 16:56 - 2016-06-21 16:56 - 00000000 ____D C:\Users\Don\.MakeMKV
2016-06-21 16:56 - 2016-06-21 16:56 - 00000000 ____D C:\Program Files (x86)\MakeMKV
2016-06-21 16:51 - 2016-07-07 22:09 - 00000000 ____D C:\Users\Don\AppData\Roaming\stickies
2016-06-21 16:51 - 2016-06-21 16:51 - 00000517 _____ C:\Windows\uninstallstickies.bat
2016-06-21 16:51 - 2016-06-21 16:51 - 00000000 ____D C:\Program Files (x86)\Stickies
2016-06-21 16:02 - 2016-06-21 16:02 - 00000000 ____D C:\Users\Don\AppData\Roaming\Digiarty
2016-06-21 16:02 - 2016-06-21 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2016-06-21 16:02 - 2016-06-21 16:02 - 00000000 ____D C:\Program Files (x86)\Digiarty
2016-06-21 15:09 - 2016-06-21 16:03 - 00000000 ____D C:\Users\Don\AppData\Roaming\dvdcss
2016-06-21 13:20 - 2016-07-07 22:09 - 00000000 ___RD C:\Users\Don\Google Drive
2016-06-21 12:53 - 2016-06-21 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-06-21 12:36 - 2016-07-07 22:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-21 12:36 - 2016-07-07 21:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-21 12:36 - 2016-06-24 21:12 - 00000000 ____D C:\Users\Don\AppData\Local\Google
2016-06-21 12:36 - 2016-06-24 20:02 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-21 12:36 - 2016-06-21 13:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-21 12:36 - 2016-06-21 13:52 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-21 11:17 - 2016-06-21 11:17 - 00001163 _____ C:\Users\Don\Desktop\Mozilla Firefox.lnk
2016-06-21 11:17 - 2016-06-21 11:17 - 00000355 _____ C:\Users\Don\Desktop\Computer.lnk
2016-06-20 15:36 - 2016-06-20 15:36 - 00000000 ____D C:\Program Files (x86)\Vitzo
2016-06-20 12:20 - 2016-06-25 17:28 - 00000000 ____D C:\Users\Don\AppData\Local\Free YouTube Downloader
2016-06-20 12:20 - 2016-06-20 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2016-06-20 12:20 - 2016-06-20 15:36 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2016-06-20 10:06 - 2016-06-23 11:51 - 00000000 ____D C:\Users\Don\AppData\Roaming\Adobe
2016-06-20 10:06 - 2016-06-20 10:06 - 00000000 ____D C:\Users\Don\AppData\Roaming\Macromedia
2016-06-20 10:06 - 2016-06-20 10:06 - 00000000 ____D C:\Users\Don\AppData\Local\Macromedia
2016-06-20 09:57 - 2016-06-20 09:57 - 00000000 ____D C:\Program Files\DIFX
2016-06-20 09:56 - 2016-06-20 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite
2016-06-20 09:56 - 2016-06-20 09:56 - 00000000 ____D C:\Program Files\Focusrite
2016-06-20 09:56 - 2013-09-25 14:41 - 00022832 _____ (Focusrite Audio Engineering Limited.) C:\Windows\system32\ffusb2audio_coinst.dll
2016-06-20 09:56 - 2013-09-25 14:40 - 00127280 _____ (Focusrite Audio Engineering Limited.) C:\Windows\system32\Drivers\ffusb2audio.sys
2016-06-20 09:12 - 2016-06-24 19:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-19 08:02 - 2016-06-28 14:42 - 00000000 ____D C:\Users\Don\AppData\Roaming\REAPER
2016-06-19 07:54 - 2016-06-19 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2016-06-19 07:54 - 2016-06-19 07:54 - 00000000 ____D C:\Program Files\REAPER (x64)
2016-06-19 07:54 - 2016-06-19 07:54 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-06-19 07:44 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-19 07:44 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-19 07:44 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-06-19 07:44 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-19 07:44 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-19 07:44 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-19 07:44 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-06-19 07:44 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-19 07:44 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-19 07:44 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-06-19 07:44 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-19 07:44 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-06-19 07:44 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-19 07:44 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-06-18 08:00 - 2016-06-18 08:03 - 00001706 _____ C:\Users\Don&Ginnie\Documents\SOMETHING IN THE WATER.txt
2016-06-17 09:29 - 2016-07-07 12:25 - 00000000 ____D C:\Users\Don&Ginnie\AppData\LocalLow\uTorrent
2016-06-16 20:26 - 2016-07-07 09:25 - 00000000 ___SD C:\Users\Don&Ginnie\AppData\LocalLow\Temp
2016-06-16 18:25 - 2016-06-21 16:32 - 00001162 _____ C:\Users\Don&Ginnie\Desktop\µTorrent.lnk
2016-06-16 18:25 - 2016-06-16 18:25 - 00000798 _____ C:\Users\Don&Ginnie\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-06-16 18:24 - 2016-07-07 12:25 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Roaming\uTorrent
2016-06-16 18:22 - 2016-06-16 18:23 - 01959424 _____ (BitTorrent Inc.) C:\Users\Don&Ginnie\Downloads\uTorrent-3-4-6-build-42178.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-07 22:16 - 2009-07-14 13:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-07 22:16 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-07-07 22:10 - 2016-05-17 14:23 - 00000000 ____D C:\Users\Don\AppData\Roaming\Slack
2016-07-07 22:09 - 2016-05-15 13:46 - 00000000 __SHD C:\Users\Don\IntelGraphicsProfiles
2016-07-07 22:09 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-07 22:07 - 2009-07-14 13:08 - 00011874 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-07 21:55 - 2009-07-14 12:45 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-07 21:55 - 2009-07-14 12:45 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-07 16:20 - 2016-05-17 11:34 - 00000000 ____D C:\Users\Don\AppData\Roaming\vlc
2016-07-07 12:49 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-07 12:25 - 2016-05-19 18:04 - 00000000 __SHD C:\Users\Don&Ginnie\IntelGraphicsProfiles
2016-07-05 21:01 - 2016-05-17 14:23 - 00002064 _____ C:\Users\Don\Desktop\Slack.lnk
2016-07-05 21:01 - 2016-05-17 14:23 - 00000000 ____D C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2016-07-05 21:01 - 2016-05-17 14:23 - 00000000 ____D C:\Users\Don\AppData\Local\slack
2016-07-05 21:00 - 2016-05-17 14:23 - 00000000 ____D C:\Users\Don\AppData\Local\SquirrelTemp
2016-07-05 09:28 - 2016-05-20 08:46 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Roaming\Adobe
2016-07-02 01:32 - 2016-05-19 18:09 - 00000000 ____D C:\Users\Don&Ginnie\AppData\Roaming\vlc
2016-06-30 14:44 - 2016-05-17 10:47 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-25 20:32 - 2009-07-14 12:45 - 00435440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-25 02:02 - 2016-05-19 18:06 - 00111520 _____ C:\Users\Don&Ginnie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-25 01:41 - 2016-05-15 10:26 - 00000000 ____D C:\Users\Don
2016-06-25 01:19 - 2016-05-15 13:27 - 00111520 _____ C:\Users\Don\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-24 19:08 - 2016-05-17 10:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-23 11:51 - 2016-05-17 10:14 - 00000000 ____D C:\Users\Don\AppData\Local\Adobe
2016-06-22 07:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-06-22 06:40 - 2016-05-17 10:08 - 00000000 ____D C:\Program Files\7-Zip
2016-06-21 16:42 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-21 11:16 - 2016-05-15 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-20 07:09 - 2016-05-17 10:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-19 20:17 - 2016-05-15 14:17 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-19 20:17 - 2016-05-15 14:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-16 18:24 - 2016-05-17 10:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-06-25 09:42 - 2016-06-25 15:28 - 0000600 _____ () C:\Users\Don\AppData\Roaming\PUTTY.RND
2016-06-24 19:36 - 2016-07-01 18:49 - 0000600 _____ () C:\Users\Don\AppData\Local\PUTTY.RND
2016-07-07 22:07 - 2016-07-07 22:11 - 0007609 _____ () C:\Users\Don\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Don\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Don\AppData\Local\Temp\FYDSetup.exe
C:\Users\Don\AppData\Local\Temp\h2q2qvyn.exe
C:\Users\Don\AppData\Local\Temp\xm4o2fge.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 10:04

==================== End of FRST.txt ============================

Addition logs:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Don (2016-07-07 22:23:09)
Running from C:\Users\Don\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-15 02:26:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1416814142-2601355591-1518902895-500 - Administrator - Disabled)
Don (S-1-5-21-1416814142-2601355591-1518902895-1000 - Administrator - Enabled) => C:\Users\Don
Don&Ginnie (S-1-5-21-1416814142-2601355591-1518902895-1001 - Administrator - Enabled) => C:\Users\Don&Ginnie
Guest (S-1-5-21-1416814142-2601355591-1518902895-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1416814142-2601355591-1518902895-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
Free YouTube Downloader 4.1.515 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4351.1001 - Microsoft Corporation) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.4.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
MakeMKV v1.9.10 (HKLM-x32\...\MakeMKV) (Version: v1.9.10 - GuinpinSoft inc)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4351.1001 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version:  - )
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Skype for Business Basic 2016 (HKLM\...\Office16.LYNCENTRY) (Version: 16.0.4351.1001 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1416814142-2601355591-1518902895-1000\...\slack) (Version: 2.1.0 - Slack Technologies)
Spotify (HKU\S-1-5-21-1416814142-2601355591-1518902895-1000\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
Stickies 9.0a (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.15 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1416814142-2601355591-1518902895-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EC5DC37-D2FB-48E8-8170-B0073F10E05F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)
Task: {3032A19E-ECC9-42DB-914C-C021DC8BF988} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {3678732D-E5C5-4A5E-892E-4E0E8D86BCDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-17] (Microsoft Corporation)
Task: {4D4734CE-EF2D-4801-91DB-659C369718A7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-05-17] (Microsoft Corporation)
Task: {C0DCE41B-44A3-4ECD-A6AD-E1B1A7178943} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-18] (Microsoft Corporation)
Task: {D742914F-C50B-401E-A255-D60DE7DE6AFB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DB3F231E-C079-494A-8FB0-13350D877524} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-05-17] (Microsoft Corporation)
Task: {E00ABB24-86AA-416F-B6C5-FEE003765903} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {E70BD608-0840-40A1-BA85-7453259C3C54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-17 10:19 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-05-17 11:02 - 2016-05-17 11:02 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-05-27 20:19 - 2016-05-27 20:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-07-05 21:00 - 2016-07-05 21:00 - 02252800 _____ () C:\Users\Don\AppData\Local\slack\app-2.1.0\ffmpeg.dll
2016-07-05 21:01 - 2016-07-05 21:01 - 00167936 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\nslog\build\Release\nslog.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00104960 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00093184 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\@paulcbetts\gc\build\Release\gc.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00134144 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\ref\build\Release\binding.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00143872 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\ffi\build\Release\ffi_bindings.node
2016-07-05 21:00 - 2016-07-05 21:00 - 02779136 _____ () C:\Users\Don\AppData\Local\slack\app-2.1.0\libglesv2.dll
2016-07-05 21:00 - 2016-07-05 21:00 - 00094208 _____ () C:\Users\Don\AppData\Local\slack\app-2.1.0\libegl.dll
2016-07-05 21:01 - 2016-07-05 21:01 - 00126976 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-observer.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00456704 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\spellchecker\build\Release\spellchecker.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00154624 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\edge-atom-shell\build\Release\edge.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00003584 _____ () C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\src\csx\clear-notifications.dll
2016-07-05 21:01 - 2016-07-05 21:01 - 00093696 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\@paulcbetts\system-idle-time\build\Release\system_idle_time.node
2016-07-05 21:01 - 2016-07-05 21:01 - 00104960 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\slack-calls.node
2016-07-05 21:01 - 2016-07-05 21:01 - 06795776 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\CallsCore.dll
2016-07-05 21:01 - 2016-07-05 21:01 - 00220160 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\protobuf_lite.dll
2016-07-05 21:01 - 2016-07-05 21:01 - 01409024 _____ () \\?\C:\Users\Don\AppData\Local\slack\app-2.1.0\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\boringssl.dll
2016-05-17 10:22 - 2016-05-17 10:22 - 00402624 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2016-05-17 10:23 - 2016-05-17 10:50 - 02210480 _____ () C:\Program Files\Microsoft Office 15\root\office15\tmpod.dll
2016-05-17 10:23 - 2016-05-17 10:34 - 00027304 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll
2016-07-07 22:09 - 2016-07-07 22:09 - 00098816 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32api.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00110080 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\pywintypes27.dll
2016-07-07 22:09 - 2016-07-07 22:09 - 00364544 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\pythoncom27.dll
2016-07-07 22:09 - 2016-07-07 22:09 - 00320512 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32com.shell.shell.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00776704 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_hashlib.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 01176576 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._core_.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00806400 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._gdi_.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00816128 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._windows_.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 01067008 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._controls_.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00733184 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._misc_.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00682496 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\pysqlite2._sqlite.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00088064 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_ctypes.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00119808 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32file.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00108544 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32security.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00007168 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\hashobjs_ext.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00017920 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\thumbnails_ext.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00088064 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\usb_ext.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00012288 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\common.time34.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00018432 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32event.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00167936 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32gui.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00046080 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_socket.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 01208320 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_ssl.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00128512 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_elementtree.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00127488 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\pyexpat.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00038912 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32inet.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00036864 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_psutil_windows.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00525208 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\windows._lib_cacheinvalidation.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00011264 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32crypt.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00077312 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._html2.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00027136 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_multiprocessing.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00020480 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\_yappi.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00035840 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32process.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00686080 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\unicodedata.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00078848 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._animate.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00123392 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\wx._wizard.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00024064 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32pipe.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00010240 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\select.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00025600 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32pdh.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00017408 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32profile.pyd
2016-07-07 22:09 - 2016-07-07 22:09 - 00022528 ____R () C:\Users\Don\AppData\Local\Temp\_MEI21082\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1416814142-2601355591-1518902895-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Don^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Slack.lnk => C:\Windows\pss\Slack.lnk.Startup
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: Spotify => "C:\Users\Don\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Don\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{88A6BDB8-E2E6-413C-A1F3-F187769B5007}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5EFF3ADF-0D52-4282-8D7A-5BFA05E8FB83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45AA1A46-A40C-41B7-8B5A-0B80FC22C2C9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1B721945-2DA7-4B77-8C74-9E4DF6033E5D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9F489D16-2D3A-46DD-A5C7-E7919CC9F14D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EE688E61-474C-45EF-B87D-353196F3EC5C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F48075AD-1FD9-4134-AFAD-73056977EBD2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F4D7C34E-3E3E-48FF-8E20-B5DEC2EB6FCD}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{A2D60C2D-110D-42E7-B3F5-0A61B1A659A9}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{939631CF-C135-43B1-B4B6-9685AC52C64D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{2596DC52-DCE4-43E2-9C3C-1DA667944AF8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E24598D6-41CE-48DF-8452-60C927A6D7DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3CC6FF0E-BCE8-4A5E-9FC7-4B7E61D96021}C:\users\don\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\don\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B1B0FC71-AD22-48B1-8942-C2D2751B5A83}C:\users\don\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\don\appdata\roaming\spotify\spotify.exe
FirewallRules: [{48599E8E-B526-41F3-9763-C0571262228A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CC08B262-9257-498E-A770-F08F1792B1B4}] => (Allow) C:\Users\Don\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DF9838BE-EA41-4851-90FE-FD018CFEEC6F}] => (Allow) C:\Users\Don\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{13177C88-7F6E-41E6-A64F-E8F5A5A3C42C}C:\users\don&ginnie\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\don&ginnie\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6E19F22E-D599-479B-9DE1-9938E21DBAAB}C:\users\don&ginnie\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\don&ginnie\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D4B66E14-3FD2-4D25-B424-ECAC462D412B}] => (Block) C:\users\don&ginnie\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{1CD9DEE8-349F-4582-B4E4-5B34E111DAB3}] => (Block) C:\users\don&ginnie\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{08C0B8FD-928D-4C89-90C5-5EE9F907B734}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0C6A055-9922-4FF4-ABDA-6FCFD8A28250}] => (Allow) LPort=2869
FirewallRules: [{83E48AB3-5E8B-4726-9A75-643D6104FF25}] => (Allow) LPort=1900

==================== Restore Points =========================

07-07-2016 12:48:32 Installed DirectX
07-07-2016 12:50:02 WLSetup

==================== Faulty Device Manager Devices =============

Name: Bluetooth Controller
Description: Bluetooth Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2016 10:10:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2016 09:57:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2016 09:49:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b80

Start Time: 01d1d84f1a486020

Termination Time: 5939

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 9e1f3e7b-4449-11e6-bc19-10c37bb21ca2

Error: (07/07/2016 08:57:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2016 08:36:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 06:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2016 01:14:18 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (07/05/2016 02:44:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/05/2016 11:57:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeC2RClient.exe, version: 15.0.4823.1000, time stamp: 0x570cff28
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2bcac
Exception code: 0x40000015
Fault offset: 0x00000000000761c9
Faulting process id: 0x10cc
Faulting application start time: 0xOfficeC2RClient.exe0
Faulting application path: OfficeC2RClient.exe1
Faulting module path: OfficeC2RClient.exe2
Report Id: OfficeC2RClient.exe3

Error: (07/05/2016 11:27:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeC2RClient.exe, version: 15.0.4823.1000, time stamp: 0x570cff28
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2bcac
Exception code: 0x40000015
Fault offset: 0x00000000000761c9
Faulting process id: 0x1190
Faulting application start time: 0xOfficeC2RClient.exe0
Faulting application path: OfficeC2RClient.exe1
Faulting module path: OfficeC2RClient.exe2
Report Id: OfficeC2RClient.exe3


System errors:
=============
Error: (07/07/2016 10:08:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243 = The class is configured to run as a security id different from the caller


Error: (07/07/2016 10:08:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056 = An instance of the service is already running.


Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/07/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 80%
Total physical RAM: 3981.89 MB
Available physical RAM: 782.89 MB
Total Virtual: 7961.97 MB
Available Virtual: 4226.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:4.11 GB) NTFS
Drive d: () (Fixed) (Total:416.93 GB) (Free:274.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 55BE6344)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

I'd be happy to review your logs.

 

1. Can you tell me if you are still experiencing the lag issue?

2. If you are, can you tell me which services are a part of the SVCHost that is consuming all that memory? Instructions to do so are here.

3. Are you aware that you are not running any Antivirus software?



#3
Grubox

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

I think this was caused by Windows Update. I can no longer confirm because it no longer occurs. Also, there is an "install updates" icon shown beside the Shutdown button which just appeared. When the memory usage was high, it wasn't there. Now that the icon is here, memory usage is back to normal.  I think we can close this.

 

I forgot to install an AV for this after a reformat. Thanks for reminding me. What AV is recommended by this community?



#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, no problem. Thanks for letting me know. The issue you were experiencing is a known issue with a resolution. You can read more about this here.

 

As far as what antivirus to use, I prefer to stick with Microsoft Security Essentials as it's light on resources and provides sufficient protection (in my opinion). If you are looking for an alternate free software I would recommend Avira. If you are looking for a paid version I would recommend ESET.

 

If you want to do your own research and determine what you may think is best, the following are great websites to look into. They are third parties that review AVs periodically to see how they perform.

https://www.av-test....s/home-windows/

http://www.av-compar...atives-reviews/



#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

