I have a new-to-me Alienware that I got from a computer repair friend here locally. Recently, I had a run-in with the "Zeus" virus.
I've run CCleaner and a purchased version of Malwarebytes. Everything either got cleaned or came up clean.
Yet, the computer is still running very slow. Pages occasionally freeze altogether. May be something still lurking there, may be something else entirely.
------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by admin1 (administrator) on ADMIN (21-06-2017 16:50:44)
Running from C:\Users\admin1\Desktop
Loaded Profiles: admin1 (Available Profiles: admin1 & admin new)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(PC-Doctor, Inc.) C:\Program Files\AlienAutopsy\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-09-11] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-07-24] (Alienware)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [886272 2012-05-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546576 2013-01-21] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\Run: [GoogleChromeAutoLaunch_975EBB33C7229661C9C0DA4A2B75A4FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640 2017-05-09] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [187152 2015-09-11] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [187152 2015-09-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165528 2015-09-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
Tcpip\..\Interfaces\{993D39E3-0B1C-4005-AA94-16E56E99D8CB}: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
Tcpip\..\Interfaces\{F2A67AD3-E95F-4878-8AB4-0AF5EE50C50F}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> DefaultScope {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL =
SearchScopes: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002 -> {3D354F82-4671-4B84-8209-5271B8C3AA4C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-01-26] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-01-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4125187598-2613234932-3738395790-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\admin1\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://essentialoilfare.com/wp-admin/","hxxps://sr11.supercp.com:2083/cpsess8049136517/frontend/paper_lantern/index.html?login=1&post_login=94321420609820","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mg.mail.yahoo.com/neo/launch?.partner=vz-acs&.rand=chka8i1cc4j8f","hxxps://www.mydoterra.com/","hxxp://forecast.weather.gov/MapClick.php?lat=30.589424670713072&lon=-96.30792859932467#.WTXWt-vyt0x","hxxps://www.facebook.com/"
CHR Profile: C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default [2017-06-21]
CHR Extension: (Google Slides) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-16]
CHR Extension: (Google Docs) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-16]
CHR Extension: (Google Drive) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-16]
CHR Extension: (ColorZilla) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-01-16]
CHR Extension: (YouTube) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-16]
CHR Extension: (Pinterest Save Button) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-01] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [122880 2012-06-20] (Creative Technology Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1055360 2012-06-20] (Creative Technology Ltd)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-15] (REALiX)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-21] (Malwarebytes)
R1 MpKsl438bbea6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5AEE33-E7CB-44B6-94E2-4C49E725C55B}\MpKsl438bbea6.sys [44928 2017-06-20] (Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R1 nvkflt; C:\WINDOWS\system32\DRIVERS\nvkflt.sys [309888 2015-09-11] (NVIDIA Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-21 16:50 - 2017-06-21 16:50 - 00021025 _____ C:\Users\admin1\Desktop\FRST.txt
2017-06-21 16:48 - 2017-06-21 16:50 - 00000000 ____D C:\FRST
2017-06-21 16:47 - 2017-06-21 16:47 - 02439680 _____ (Farbar) C:\Users\admin1\Desktop\FRST64.exe
2017-06-20 18:16 - 2017-06-20 18:24 - 00000000 ____D C:\Users\admin1\AppData\Roaming\Apple Computer
2017-06-20 18:16 - 2017-06-20 18:16 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-20 18:16 - 2017-06-20 18:16 - 00000000 ____D C:\Users\admin1\AppData\Local\Apple Computer
2017-06-20 18:16 - 2017-06-20 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-20 18:14 - 2017-06-20 18:16 - 00000000 ____D C:\Program Files\iTunes
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\ProgramData\Apple Computer
2017-06-20 18:14 - 2017-06-20 18:14 - 00000000 ____D C:\Program Files\iPod
2017-06-20 18:13 - 2017-06-20 18:13 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Users\admin1\AppData\Local\Apple
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files\Bonjour
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-06-20 18:13 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-06-20 18:12 - 2017-06-20 18:13 - 00000000 ____D C:\ProgramData\Apple
2017-06-20 18:12 - 2017-06-20 18:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-20 18:09 - 2017-06-20 18:11 - 259195720 _____ (Apple Inc.) C:\Users\admin1\Desktop\iTunes64Setup.exe
2017-06-20 11:53 - 2017-06-21 16:50 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-20 11:53 - 2017-06-20 18:18 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-20 11:53 - 2017-06-20 18:18 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-20 11:53 - 2017-06-20 11:53 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-20 11:52 - 2017-06-20 18:18 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-20 11:52 - 2017-06-20 11:52 - 00001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-20 11:52 - 2017-06-20 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-20 11:51 - 2017-06-20 12:00 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-20 11:51 - 2017-06-20 11:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-20 11:49 - 2017-06-20 11:50 - 64025992 _____ (Malwarebytes ) C:\Users\admin1\Desktop\mb3-setup-cb.NT-3.1.2.1733-10139.exe
2017-06-16 08:33 - 2017-06-16 08:33 - 00000000 ____D C:\Users\admin1\AppData\LocalLow\Adobe
2017-06-16 08:31 - 2017-06-16 08:31 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-16 08:30 - 2017-06-16 08:34 - 00000000 ____D C:\ProgramData\Adobe
2017-06-16 08:30 - 2017-06-16 08:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-16 08:30 - 2017-06-16 08:30 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-06-16 08:30 - 2017-06-16 08:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-14 06:34 - 2017-06-02 07:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-14 06:34 - 2017-06-02 07:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-14 06:34 - 2017-06-02 07:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-14 06:34 - 2017-06-02 07:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 06:34 - 2017-06-02 07:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-14 06:34 - 2017-06-02 06:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 06:34 - 2017-06-02 06:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 06:34 - 2017-06-02 05:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 06:34 - 2017-06-02 05:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-14 06:34 - 2017-06-02 05:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-14 06:34 - 2017-06-02 05:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-14 06:34 - 2017-06-02 05:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 06:34 - 2017-06-02 04:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 06:34 - 2017-06-02 04:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 06:34 - 2017-05-15 14:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 06:34 - 2017-05-14 15:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-14 06:34 - 2017-05-14 15:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 06:34 - 2017-05-14 15:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 06:34 - 2017-05-14 15:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 06:34 - 2017-05-14 15:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-14 06:34 - 2017-05-14 15:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-14 06:34 - 2017-05-14 14:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 06:34 - 2017-05-14 14:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-14 06:34 - 2017-05-14 14:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-14 06:34 - 2017-05-14 14:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 06:34 - 2017-05-14 14:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-14 06:34 - 2017-05-14 14:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 06:34 - 2017-05-14 14:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-14 06:34 - 2017-05-14 14:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 06:34 - 2017-05-14 14:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 06:34 - 2017-05-14 13:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 06:34 - 2017-05-14 13:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-14 06:34 - 2017-05-14 13:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-14 06:34 - 2017-05-14 13:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-14 06:34 - 2017-05-14 13:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 06:34 - 2017-05-14 13:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-14 06:34 - 2017-05-14 13:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 06:34 - 2017-05-14 13:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-14 06:34 - 2017-05-14 13:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 06:34 - 2017-05-14 13:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-14 06:34 - 2017-05-14 13:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 06:34 - 2017-05-14 13:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-14 06:34 - 2017-05-14 13:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-14 06:34 - 2017-05-14 13:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-14 06:34 - 2017-05-14 13:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-14 06:34 - 2017-05-14 13:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 06:34 - 2017-05-14 13:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-14 06:34 - 2017-05-14 13:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-14 06:34 - 2017-05-12 12:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 06:34 - 2017-05-12 11:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-14 06:34 - 2017-05-12 11:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 06:34 - 2017-05-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-14 06:34 - 2017-05-12 10:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-14 06:34 - 2017-05-12 10:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-14 06:34 - 2017-05-12 10:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-14 06:34 - 2017-05-11 23:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 06:34 - 2017-05-11 21:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 06:34 - 2017-05-11 21:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 06:34 - 2017-05-11 21:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 06:34 - 2017-05-11 21:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-14 06:34 - 2017-05-11 21:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-14 06:34 - 2017-05-11 21:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-14 06:34 - 2017-05-11 21:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-14 06:34 - 2017-05-11 21:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-14 06:34 - 2017-05-11 21:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-14 06:34 - 2017-05-11 18:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 06:34 - 2017-05-11 18:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 06:34 - 2017-05-10 13:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-14 06:34 - 2017-05-06 11:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 06:34 - 2017-05-06 11:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 06:34 - 2017-04-06 12:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-14 06:34 - 2017-04-06 12:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-14 06:34 - 2017-04-06 11:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 06:34 - 2017-04-06 11:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-14 06:34 - 2017-04-06 11:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-14 06:34 - 2017-04-06 11:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-14 06:34 - 2017-04-06 11:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-14 06:34 - 2017-04-06 10:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-14 06:34 - 2017-04-02 09:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 06:34 - 2017-04-02 08:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-06 18:02 - 2017-06-06 18:02 - 00000000 ____D C:\Users\admin1\Desktop\FB English 101 Class
2017-06-05 18:29 - 2017-06-05 18:29 - 00002786 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-06-05 18:29 - 2017-06-05 18:29 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-05 18:29 - 2017-06-05 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-05 18:29 - 2017-06-05 18:29 - 00000000 ____D C:\Program Files\CCleaner
2017-06-05 18:28 - 2017-06-05 18:28 - 09551280 _____ (Piriform Ltd) C:\Users\admin1\Desktop\ccsetup530.exe
2017-06-05 17:33 - 2017-06-05 17:33 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-06-05 17:18 - 2017-06-05 17:34 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-05 17:17 - 2017-06-05 17:17 - 11584088 _____ (SurfRight B.V.) C:\Users\admin1\Desktop\hitmanpro_x64.exe
2017-06-05 16:27 - 2017-06-21 16:50 - 00111035 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-05 16:27 - 2017-06-20 18:21 - 00057128 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-05 16:27 - 2017-06-20 18:21 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-05 16:26 - 2017-06-05 16:26 - 05774688 _____ (Zemana Ltd. ) C:\Users\admin1\Desktop\Zemana.AntiMalware.Setup.exe
2017-06-05 16:26 - 2017-06-05 16:26 - 00000000 ____D C:\Users\admin1\AppData\Local\Zemana
2017-05-27 18:46 - 2017-06-19 09:02 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-27 18:46 - 2017-06-19 09:02 - 00004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-27 18:45 - 2017-06-16 08:33 - 00000000 ____D C:\Users\admin1\AppData\Local\Adobe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-21 16:24 - 2016-12-25 00:06 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4125187598-2613234932-3738395790-1002
2017-06-21 16:19 - 2017-01-28 11:25 - 00003168 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 16:19 - 2017-01-28 11:25 - 00002307 _____ C:\Users\admin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-06-21 16:19 - 2017-01-26 16:07 - 00003176 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4125187598-2613234932-3738395790-1002
2017-06-21 15:37 - 2017-01-11 11:42 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D93671C3-3939-4FAD-9323-18149092C452}
2017-06-21 09:21 - 2017-02-25 17:03 - 00000000 ___RD C:\Users\admin1\Google Drive
2017-06-21 09:21 - 2016-12-25 10:22 - 00000000 __SHD C:\Users\admin1\IntelGraphicsProfiles
2017-06-20 18:18 - 2016-12-25 02:45 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-20 18:18 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-20 18:17 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-06-20 18:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-06-20 11:51 - 2017-01-16 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-20 11:23 - 2017-01-26 16:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-20 11:23 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-20 11:12 - 2017-02-15 09:50 - 00000000 ____D C:\ProgramData\ProductData
2017-06-19 10:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2017-06-19 09:12 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-19 09:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-19 09:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-19 08:55 - 2016-12-25 02:53 - 00000000 ____D C:\Users\admin1
2017-06-19 08:51 - 2013-08-22 09:44 - 00403880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-16 10:19 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-16 08:33 - 2016-12-24 16:47 - 00000000 ____D C:\Users\admin1\AppData\Roaming\Adobe
2017-06-16 08:20 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 08:18 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-16 08:17 - 2016-12-24 21:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-16 08:14 - 2016-12-24 21:38 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 06:27 - 2017-04-11 12:37 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-14 06:27 - 2017-04-11 12:37 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-14 06:27 - 2017-04-11 12:37 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-13 20:35 - 2017-04-10 10:04 - 00000000 ____D C:\Users\admin1\AppData\LocalLow\Mozilla
2017-06-06 18:59 - 2017-01-16 19:05 - 00000000 ____D C:\Users\admin1\Desktop\doTERRA
2017-06-06 18:11 - 2014-11-21 03:44 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-06 18:08 - 2016-12-24 16:46 - 00000000 ____D C:\Users\admin1\AppData\Local\Packages
2017-06-06 17:41 - 2017-01-16 19:05 - 00000000 ____D C:\Users\admin1\Desktop\Memes
2017-06-06 07:24 - 2017-04-10 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-05 18:32 - 2016-12-25 04:40 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-05 17:40 - 2017-03-05 21:12 - 00000000 ____D C:\Users\admin1\AppData\Local\Microsoft Help
2017-06-05 12:19 - 2017-04-10 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-06-02 21:31 - 2017-05-10 07:09 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 21:31 - 2017-05-10 07:09 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 19:21 - 2017-02-25 16:06 - 00000000 ____D C:\Users\admin1\AppData\Local\ElevatedDiagnostics
2017-05-30 15:45 - 2017-02-15 10:01 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2017-02-11 17:33 - 2017-02-11 17:33 - 0003584 _____ () C:\Users\admin1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 15:45 - 2013-06-01 15:45 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-01 15:42 - 2013-06-01 15:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-01 15:42 - 2013-06-01 15:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-01 15:41 - 2013-06-01 15:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-01 15:43 - 2013-06-01 15:45 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-20 11:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by admin1 (21-06-2017 16:51:28)
Running from C:\Users\admin1\Desktop
Windows 8.1 (Update) (X64) (2016-12-25 15:22:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
admin new (S-1-5-21-4125187598-2613234932-3738395790-1003 - Administrator - Enabled) => C:\Users\admin new
admin1 (S-1-5-21-4125187598-2613234932-3738395790-1002 - Administrator - Enabled) => C:\Users\admin1
Administrator (S-1-5-21-4125187598-2613234932-3738395790-500 - Administrator - Disabled)
Guest (S-1-5-21-4125187598-2613234932-3738395790-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{F5BC7030-7BC1-4D2B-A75C-6528B7AE2A22}) (Version: 2.8.10.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.10.0 - Alienware Corp.) Hidden
Alienware Digital Delivery (HKLM-x32\...\{4B3230C5-F069-416B-9169-1B84A216ED6A}) (Version: 2.5.1400.0 - Dell Products, LP)
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.32.1.4C - )
Alienware On-Screen Display (x32 Version: 0.32.1.4C - ) Hidden
Alienware Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon MG3000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3000_series) (Version: 1.02 - Canon Inc.)
Canon MG3000 series On-screen Manual (HKLM-x32\...\Canon MG3000 series On-screen Manual) (Version: 1.2.0 - Canon Inc.)
Canon MG3000 series User Registration (HKLM-x32\...\Canon MG3000 series User Registration) (Version: - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DSC/AA Factory Installer (Version: 3.2.6032.125 - PC-Doctor, Inc.) Hidden
EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.1.1.6338 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 en-US)) (Version: 52.1.1 - Mozilla)
NVIDIA 3D Vision Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sound Blaster Recon3Di (HKLM-x32\...\{FEF74F43-9C01-46CC-8A28-43BBBBB8C6B2}) (Version: 1.00.15 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0028 - ST Microelectronics)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
TrojanHunter 6.2 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.2 - Bytelayer AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Zoom (HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\admin1\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4125187598-2613234932-3738395790-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3024F6E8-8AC0-4A76-95CA-B0558C4BB4CD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {322E1A29-9531-420A-ADAC-6AE59486D300} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {3EA6440B-03BC-4EDA-8FAB-346E7E90EF97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {44215963-0317-40BF-AB9E-476C2E263735} - System32\Tasks\Uninstaller_Install_admin1 => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
Task: {4EE1A078-92CA-4935-845A-B0454531CE54} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {543A6011-AFF6-434A-B074-C8201728B91D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {60EFE4E4-8246-42F1-996B-598DC8A45F53} - System32\Tasks\Driver Booster SkipUAC (admin1) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {627880C7-6494-4577-81DF-F245188DB33C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {78BD883C-9A20-45F4-A0BC-E299FC14D305} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7A53CFBB-E188-4452-815F-0C1CBB08754C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-19] (Adobe Systems Incorporated)
Task: {8DF7EFE5-DD91-4D58-883D-34CE37C4D7FA} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {9BC0521B-6E03-40A9-A84C-3ABB2F854A42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {9FA2A4A4-8F88-4D88-A89B-CBFDFECFF7C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)
Task: {A3D00E17-8A1E-47D2-A1E7-86A7F92F6152} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {A97412E9-86A0-4449-8410-67928270B891} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-19] (Adobe Systems Incorporated)
Task: {B5877F13-BD81-4BF2-8F66-A8B49FEC0625} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {BBE457CA-376E-44A5-AC5F-DFD4427B6053} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {D7530D70-EF12-45DF-BF54-E311290A5063} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {DD665B30-DD0E-4422-90E0-5C731E7C452A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {E36A1F0D-1A0D-403B-829B-AB25333FF8BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_Install_admin1.job => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 16:01 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-01 15:43 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-06-20 11:51 - 2017-06-20 12:00 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-09-11 14:02 - 2015-09-11 14:02 - 00020808 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-12-25 02:45 - 2015-08-07 12:28 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-21 23:16 - 2017-01-31 07:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-15 16:51 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 16:51 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2013-01-21 21:40 - 2013-01-21 21:40 - 01546576 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2017-02-15 09:50 - 2016-03-31 18:57 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2013-03-13 16:33 - 2013-03-13 16:33 - 00109576 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-10 13:15 - 2017-05-10 13:15 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\a84b76a7e963e66443ac22457490ec3c\PSIClient.ni.dll
2009-12-18 13:07 - 2009-12-18 13:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2015-09-11 14:02 - 2015-09-11 14:02 - 00020624 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2017-06-21 09:21 - 2017-06-21 09:21 - 00098816 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32api.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00110080 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pywintypes27.dll
2017-06-21 09:21 - 2017-06-21 09:21 - 00364544 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pythoncom27.dll
2017-06-21 09:21 - 2017-06-21 09:21 - 00320512 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32com.shell.shell.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00914432 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_hashlib.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 01176576 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._core_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00806400 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._gdi_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00816128 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._windows_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 01067008 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._controls_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00733184 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._misc_.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00682496 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pysqlite2._sqlite.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00088064 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_ctypes.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00686080 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\unicodedata.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00119808 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32file.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00108544 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32security.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00007168 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\hashobjs_ext.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00017920 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\thumbnails_ext.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00088064 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\usb_ext.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00012800 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\common.time34.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00018432 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32event.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00167936 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32gui.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00046080 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_socket.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 01303552 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_ssl.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00128512 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_elementtree.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00127488 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\pyexpat.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00038912 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32inet.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00036864 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_psutil_windows.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00524248 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\windows._lib_cacheinvalidation.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00011264 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32crypt.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00123392 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._wizard.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00077312 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._html2.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00027648 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_multiprocessing.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00020480 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\_yappi.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00035840 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32process.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00078848 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\wx._animate.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00024064 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32pipe.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00010240 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\select.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00025600 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32pdh.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00017408 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32profile.pyd
2017-06-21 09:21 - 2017-06-21 09:21 - 00022528 ____R () C:\Users\admin1\AppData\Local\Temp\_MEI17962\win32ts.pyd
2013-06-01 15:42 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4125187598-2613234932-3738395790-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\admin1\Desktop\richards_snow1resized.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{AE187273-4529-41BB-9A83-F82A96ADE692}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5C0C42BC-C148-44A7-83D2-72A2827FF410}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{1BB83542-B718-4FE5-A142-A0E5B3A5D290}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AC27B900-62BE-4FC0-97F6-AF74C3068AC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F766B4C9-F481-4600-B93A-BC4EAFD7CE82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{678A7DA4-9969-4CF3-824B-7FF2F43DDED3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2BB0CE2B-FA15-4F9B-892F-7B635DAB41DA}] => (Allow) C:\Users\admin1\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4640A3D5-1257-4995-B810-7274A1A959BC}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{5B649856-E59C-4FD3-A8E8-FC0AA1F68C94}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{4D571E8D-B95D-403D-9ED4-271843324EFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{90430440-76E7-4554-B0A8-937276F5B3EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5BEED633-32E9-4E57-8154-BB4C4EB8A42E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09B1B502-E79E-4BCF-BFFF-4DB8AEE3ED14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADB39FB1-E238-40E5-B99E-CA4826DB9F88}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E476449-5DA6-4FFB-B19E-5BD029C60890}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
05-06-2017 17:32:56 Checkpoint by HitmanPro
13-06-2017 09:50:36 Scheduled Checkpoint
20-06-2017 18:13:40 Installed iTunes
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/13/2017 09:50:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl1f72e3d3.
System Error:
The system cannot find the file specified.
.
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000048c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000092DB02ECF0.72). hr = 0x80070005, Access is denied.
.
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e6c,(null),0,REG_BINARY,000000ED06ADDB90.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {0ecb4657-d4c7-4b7f-a9a1-328ed221ba80}
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008d4,(null),0,REG_BINARY,000000CF40BADE10.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {2cd64f96-8010-4332-90f9-2b7638b8e462}
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003d0,(null),0,REG_BINARY,000000FD2784E270.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {812847e4-0290-472c-b3af-c4ec7dfac6ca}
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000022c,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000092DC7BE6E0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {ea54ebad-7b1b-4b21-a0d5-c69f25be4a01}
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e6c,(null),0,REG_BINARY,000000ED06ADDB90.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {0ecb4657-d4c7-4b7f-a9a1-328ed221ba80}
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008d4,(null),0,REG_BINARY,000000CF40BADE10.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {2cd64f96-8010-4332-90f9-2b7638b8e462}
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000092DB35EB70.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {784fae08-929d-4887-9d30-a01eacd4aa71}
Error: (06/05/2017 05:33:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000204,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,00000092DC6BF280.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {dfe44516-3f0b-466f-a22a-1cab456018b8}
System errors:
=============
Error: (06/21/2017 09:33:49 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (06/21/2017 09:33:19 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (06/20/2017 06:21:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/20/2017 12:33:28 PM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (06/20/2017 11:49:24 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (06/20/2017 11:48:53 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (06/20/2017 11:12:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 2 time(s).
Error: (06/19/2017 10:13:25 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (06/19/2017 10:08:31 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (06/19/2017 10:08:01 AM) (Source: DCOM) (EventID: 10010) (User: admin)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
==================== Memory info ===========================
Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8071.27 MB
Available physical RAM: 4811.41 MB
Total Virtual: 8679.27 MB
Available Virtual: 5084.5 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:455.86 GB) (Free:383.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 490E6FE7)
Partition: GPT.
==================== End of Addition.txt ============================