Hello, GTG! I'm here inquiring about an issue I've put up with from my computer that I want to resolve. My hard drive loses disk space randomly and I don't know why.
I don't have too many files or programs on my computer but out of the 119GB I have available to me, only 1.22 GB is currently available and that's only because I went through my computer this morning and deleted a few programs. Usually I'm at around 100ish MB available and on some days it fluctuates greatly, anywhere from 1.5 GB to none at all (0 byte).
I have a a few malware removal tools on my computer that don't help much at all. I've scanned my computer with Spybot, Microsoft Security Essentials and Malware Bytes Anti-Malware. Over the course of the last year Spybot and MSE have said my computer is completely clean and MBAM has notified me once of malware, finding and quarantining two files at that point in time, both of which I believe were in AppData.
I've tried to resolve this problem once before and this website I found once explained how to access AppData and manually delete sketchy file names from this cache. Before I did this I downloaded this program that showed how your disk space was being allotted and App Data was consuming most of my space, though that was almost a year ago now. I did that and my computer got much better for a short period of time, it seemed and was too good to be true. Many of them were pop up windows that looked familiar.
Some symptoms I experience are slow internet browsing speeds, shoddy connection via Skype (video is always blurry for whoever I'm skyping with unless I delete some programs), my computer incessantly reminding me I have Low Disk Space, Netflix will say "Something went wrong..." with an error code resembling M###-18053 or something similar to that, etc. I'm sure there are other symptoms that aren't coming to mind but I will edit this if I remember anything else.
So, yea. My computer is losing disk space for some strange reason which I SURMISE may be due to some files in my AppData but I am not entirely sure and any help would be amazing. Thank you.
If I have not been descriptive enough or you are confused on something please let me know and I'll try my best to fill in the blanks. Thanks again
Here is the FRST.txt log from my FRT64.exe scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Evans (administrator) on BOOMSTATION (22-04-2016 12:22:22)Running from C:\Users\Evans\DesktopLoaded Profiles: Evans (Available Profiles: Evans & Guest)Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe(AMD) C:\Windows\System32\atieclxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(Flux Software LLC) C:\Users\Evans\AppData\Local\FluxSoftware\Flux\flux.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Google Inc.) C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Verizon) C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\SpotifyCrashService.exe(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\SpotifyWebHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [f.lux] => C:\Users\Evans\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Google Update] => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Spotify Web Helper] => C:\Users\Evans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-22] (Spotify Ltd)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-01-03] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-01-03] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [MusicManager] => C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Spotify] => C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe [6855280 2016-04-22] (Spotify Ltd)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-27] (Google Inc.)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12900864 2015-09-10] (Verizon)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Policies\Explorer: []HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {127f379e-098a-11e2-ae48-70f1a1b7c8b0} - E:\setup.exeHKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {1b971fbc-6dc9-11e5-9fb5-70f1a1b7c8b0} - E:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {24e9bf11-c599-11e1-af4f-f04da247060b} - E:\setup.exe -aHKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {292a1846-0d7f-11e2-afed-70f1a1b7c8b0} - E:\LaunchU3.exe -aHKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {325a1442-6aa1-11e4-b5da-70f1a1b7c8b0} - F:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {d8c71570-c262-11e3-86a8-70f1a1b7c8b0} - E:\LaunchU3.exe -aShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No FileShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No FileShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-12-15]ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\Users\Evans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-01-30]ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{9BDE40C7-9904-4D29-A8F0-21C239BA3C04}: [DhcpNameServer] 192.168.1.1Internet Explorer:==================SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)FireFox:========FF ProfilePath: C:\Users\Evans\AppData\Roaming\Mozilla\Firefox\Profiles\5t1kyevr.defaultFF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Evans\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Evans\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @talk.google.com/O1DPlugin -> C:\Users\Evans\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-03] (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Users\Evans\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Evans\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)Chrome:=======CHR HomePage: Default -> hxxp://www.google.comCHR StartupUrls: Default -> "","hxxp://www.google.com/"CHR Session Restore: Default -> is enabled.CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()CHR Profile: C:\Users\Evans\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-21]CHR Extension: (Google Docs) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-21]CHR Extension: (Google Drive) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]CHR Extension: (YouTube) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]CHR Extension: (Adblock Plus) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]CHR Extension: (Spotify - Music for every moment) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-09-21]CHR Extension: (Google Search) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]CHR Extension: (Netflix) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-09-21]CHR Extension: (Google+) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-12-10]CHR Extension: (Google Calendar) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]CHR Extension: (Photo Zoom for Facebook) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-10]CHR Extension: (Google Sheets) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-21]CHR Extension: (Mentioned Videos for Reddit) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiimkmdalmgffhibfdjnhljpnigcmohf [2015-07-01]CHR Extension: (Google Docs Offline) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]CHR Extension: (VBA-M) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\haggjokgofpdnidibklgiepchbpamcni [2015-09-21]CHR Extension: (Google Keep - notes and lists) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-21]CHR Extension: (Crackle) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-21]CHR Extension: (Google Play Music) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-09-21]CHR Extension: (Really unexpected jihad and cena!) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikdnplleocicihlgeaijcmjhobapdmep [2016-02-22]CHR Extension: (SoundCloud) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-09-21]CHR Extension: (Reddit Enhancement Suite) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]CHR Extension: (Google Hangouts) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-03-16]CHR Extension: (Google Play) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-09-21]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]CHR Extension: (Google Maps) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-21]CHR Extension: (Google Drawings) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-09-27]CHR Extension: (Ghostery) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-22]CHR Extension: (Google Play Books) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-21]CHR Extension: (Chrome Web Store Payments) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]CHR Extension: (My Chrome Theme) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]CHR Extension: (myHomework Student Planner) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pembccdigcahnckbjcbehhcacplbbomj [2016-03-25]CHR Extension: (Visualping) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2016-04-05]CHR Extension: (SiteBlock) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2012-11-12]CHR Extension: (Gmail) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]CHR Extension: (RSS Feed Reader) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-03-07]CHR HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Evans\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-17]CHR HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S4 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-08-16] (Bradford Networks)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [403456 2009-09-16] (Red Bend Ltd.) [File not signed]R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [907264 2009-09-16] (Intel® Corporation) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-23] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]S3 PCDSRVC{1353820B-E58E0D1F-06020200}_0; \??\c:\__de11ctstestfolder20120wdcsa__\tools\pcdr\pcdsrvc_x64.pkms [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-04-22 12:22 - 2016-04-22 12:22 - 00027779 _____ C:\Users\Evans\Desktop\FRST.txt2016-04-22 12:21 - 2016-04-22 12:22 - 00000000 ____D C:\FRST2016-04-22 12:16 - 2016-04-22 12:16 - 02375680 _____ (Farbar) C:\Users\Evans\Desktop\FRST64.exe2016-04-20 13:03 - 2016-04-20 13:03 - 00480336 _____ C:\Windows\system32\FNTCACHE.DAT2016-04-20 13:03 - 2016-04-20 13:03 - 00124712 _____ C:\Users\Evans\AppData\Local\GDIPFONTCACHEV1.DAT2016-04-20 13:02 - 2016-04-20 13:02 - 00785232 ____H C:\Users\Evans\AppData\Local\IconCache.db.backup2016-04-18 09:42 - 2016-04-18 09:42 - 00000000 _____ C:\Users\Evans\Desktop\study_guide_electrochemistry.pdf2016-04-18 09:41 - 2016-04-18 09:41 - 00087161 _____ C:\Users\Evans\Desktop\attachments.zip2016-04-15 13:57 - 2016-04-15 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Messages2016-04-15 13:56 - 2016-04-15 13:56 - 00000000 ____D C:\Program Files (x86)\Verizon2016-04-15 13:55 - 2016-04-15 13:55 - 14616608 _____ (Verizon) C:\Users\Evans\Documents\Message+.exe2016-04-03 22:24 - 2016-04-19 19:04 - 00000000 ____D C:\Users\Evans\Desktop\Lab 1262016-04-03 22:22 - 2016-04-03 22:22 - 21692750 _____ C:\Users\Evans\Desktop\Physics_Lab-2016-01-21.zip==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-04-22 12:20 - 2012-02-07 16:14 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Skype2016-04-22 12:20 - 2009-07-14 00:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-04-22 12:20 - 2009-07-14 00:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-04-22 12:15 - 2013-03-12 15:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-04-22 11:58 - 2012-06-15 16:12 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Spotify2016-04-22 11:53 - 2012-06-15 16:13 - 00000000 ____D C:\Users\Evans\AppData\Local\Spotify2016-04-22 11:52 - 2012-02-25 13:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-04-22 11:49 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-04-22 11:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf2016-04-22 11:39 - 2012-01-30 19:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job2016-04-22 11:27 - 2015-09-21 23:21 - 00000000 ____D C:\Users\Evans\AppData\Local\Dropbox2016-04-22 11:26 - 2012-02-25 13:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-04-22 10:50 - 2015-09-21 23:16 - 00000000 ___RD C:\Users\Evans\Dropbox2016-04-22 10:50 - 2014-04-04 14:25 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Dropbox2016-04-22 10:17 - 2012-03-08 14:27 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job2016-04-22 03:57 - 2009-12-15 12:54 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2016-04-21 16:17 - 2012-03-08 14:27 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job2016-04-21 15:00 - 2012-01-30 19:26 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job2016-04-15 13:57 - 2013-08-24 15:26 - 00000000 ____D C:\ProgramData\Package Cache2016-04-15 13:42 - 2009-07-14 01:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT2016-04-03 13:39 - 2012-02-25 13:54 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-04-01 08:01 - 2009-07-14 01:13 - 00000574 _____ C:\Windows\system32\PerfStringBackup.INI2016-03-30 07:25 - 2012-11-26 00:28 - 00000000 ___RD C:\Program Files (x86)\Skype2016-03-30 07:25 - 2012-02-25 13:53 - 00000000 ____D C:\Program Files (x86)\Google2016-03-30 07:24 - 2012-02-07 16:14 - 00000000 ____D C:\ProgramData\Skype==================== Files in the root of some directories =======2015-05-15 17:06 - 2015-05-15 17:06 - 0000000 _____ () C:\Program Files (x86)\GUTF3B1.tmp2012-11-02 06:00 - 2012-11-02 06:04 - 0005305 _____ () C:\Users\Evans\AppData\Roaming\flexadmin.xml2014-11-01 11:13 - 2014-11-01 11:13 - 0000000 _____ () C:\Users\Evans\AppData\Local\{3C79C78A-7E6E-4E32-978C-55C0793C005F}2012-10-03 01:22 - 2012-10-03 02:19 - 0000815 _____ () C:\ProgramData\hpzinstall.log2012-10-03 16:33 - 2012-10-03 16:33 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-04-09 02:50==================== End of FRST.txt ============================
And here is the Addition.txt log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Evans (2016-04-22 12:23:19)Running from C:\Users\Evans\DesktopWindows 7 Ultimate Service Pack 1 (X64) (2012-01-30 23:25:24)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-2915380412-2660705316-131880791-500 - Administrator - Disabled)Evans (S-1-5-21-2915380412-2660705316-131880791-1001 - Administrator - Enabled) => C:\Users\EvansGuest (S-1-5-21-2915380412-2660705316-131880791-501 - Limited - Enabled) => C:\Users\GuestHomeGroupUser$ (S-1-5-21-2915380412-2660705316-131880791-1002 - Limited - Enabled)==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)µTorrent (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) HiddenAdobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Reader XI (11.0.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bradford Persistent Agent (HKLM-x32\...\{1DFDD524-C61F-444A-AFD4-E780DECF7816}) (Version: 2.2.6.4 - Bradford Networks)CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)Dell Dock (Version: 2.0 - Stardock Corporation) HiddenDell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)f.lux (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Flux) (Version: - )Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)Fallout (HKLM-x32\...\Fallout_is1) (Version: - GOG.com)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.29.5 - Google Inc.) HiddenHalf-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FAE224AF-B15E-448B-88FA-1839A7570CF8}) (Version: 2.00.0011 - Intel Corporation)InViewer version 0.81 (HKLM-x32\...\{7E575733-1DF5-4064-AE38-289BA932398A}_is1) (Version: 0.81 - Stefan Wobbe)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)League of Legends (x32 Version: 3.0.1 - Riot Games) HiddenMagicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Maple 16 (HKLM\...\Maple 16) (Version: - Maplesoft)Maple 16 (HKLM-x32\...\Maple 16) (Version: 16.0.0.0 - Maplesoft)Maple Toolbox (HKLM-x32\...\Maple Toolbox) (Version: 16.0.0.0 - Maplesoft)MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)Message+ (HKLM-x32\...\{c828830f-53d4-4a2f-ad5a-0b86574bce11}) (Version: 1.0.17.0 - Verizon)Message+ (x32 Version: 1.0.17.0 - Verizon) HiddenMicrosoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Music Manager (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MusicManager) (Version: - Google, Inc.)Network64 (Version: 140.0.212.000 - Hewlett-Packard) HiddenOpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) HiddenQuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)Raptr (HKLM-x32\...\Raptr) (Version: - )RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)Spotify (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) HiddenTeam Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) HiddenUnity Web Player (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.8 - Verizon)Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{F493FC2E-A0ED-4B7F-A25B-2161A225D294}) (Version: 2.15.0904 - Samsung Electronics Co., Ltd.)WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {0C1BAFFB-809A-416E-A536-D9C19424F1A8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: {0E61D970-4B54-443B-B8C5-8A59C01B7A85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)Task: {129215A7-C6B5-490E-BB0A-235D20A68C56} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTIONTask: {2AD370D3-8235-4222-A56A-75AA4CB1D6F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)Task: {2C7A7AEE-9D08-44CD-BE64-F59C2E5291E8} - System32\Tasks\{80034D0E-D9D9-4A21-AEE9-7376293B06A3} => pcalua.exe -a C:\Users\Evans\Downloads\winsdk_web.exe -d C:\Users\Evans\DownloadsTask: {3B691F75-0F9F-4609-960A-AE2902EFA315} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {42439A62-EAB9-46AF-BCD3-57EBEBDF19AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)Task: {4A636A23-2DF3-4BA9-BCA0-4EBFB8121C57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)Task: {5653D9B7-02C0-4F37-8D72-4332B373FC38} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)Task: {58F04CD6-7E8E-41EE-9F73-908D5C560707} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {60026016-4E1F-42CE-B1EE-061E4077B868} - System32\Tasks\{30BBAB27-7BD1-47D8-8BD9-E1FB6EC92C43} => pcalua.exe -a C:\Users\Evans\Downloads\setup1.exe -d C:\Users\Evans\DownloadsTask: {6537CA8B-A253-4BF8-853E-81109AE5B7D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)Task: {7ACAF0BB-406A-415B-9406-8563FB966D92} - System32\Tasks\{B40F3588-512D-4179-88D9-51B019C70E75} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\PTC\Creo 1.0\Parametric\bin\parametric.exe"Task: {9DAB3923-1F4E-4C16-BF0B-F39A54FBD64C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)Task: {B3E3CED7-52E6-4B9A-BA03-2ECF28A33785} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exeTask: {B9689E7B-9A9A-4F63-840A-364343B9BBE9} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exeTask: {CAA4BDB6-E505-4702-949D-AB4F953D5A40} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)Task: {E6BDAA22-1C6B-4E79-99F4-1A938048A57A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe==================== Shortcuts =============================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2009-08-18 01:10 - 2009-08-18 01:10 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll2014-09-03 15:15 - 2014-09-03 15:15 - 10683392 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll2014-09-03 15:15 - 2014-09-03 15:15 - 07741952 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtGui4.dll2014-09-03 15:15 - 2014-09-03 15:15 - 02248192 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtCore4.dll2014-09-03 15:15 - 2014-09-03 15:15 - 01681408 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll2015-03-31 18:33 - 2015-03-31 18:33 - 00117248 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libaacdec.dll2015-03-31 18:33 - 2015-03-31 18:33 - 00231936 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll2015-03-31 18:33 - 2015-03-31 18:33 - 00253440 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libid3tag.dll2015-03-31 18:33 - 2015-03-31 18:33 - 00344064 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll2014-09-03 15:15 - 2014-09-03 15:15 - 00026624 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll2014-10-20 20:21 - 2014-10-20 20:21 - 00612152 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\sqlite3.DLL2015-05-13 04:30 - 2015-05-13 04:30 - 01655296 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\VzMessagingClientLib.dll2016-04-03 13:39 - 2016-03-27 03:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll2016-04-03 13:39 - 2016-03-27 03:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll2015-09-24 00:40 - 2016-04-22 11:53 - 47503472 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libcef.dll2015-09-24 00:40 - 2016-04-22 11:52 - 01584240 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libglesv2.dll2015-09-24 00:40 - 2016-04-22 11:52 - 00082032 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libegl.dll2016-04-08 18:08 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Evans\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Users\Evans\.DS_Store:AFP_AfpInfo [122]AlternateDataStreams: C:\Users\Evans\Desktop\.DS_Store:AFP_AfpInfo [122]AlternateDataStreams: C:\Users\Evans\Documents\.DS_Store:AFP_AfpInfo [122]AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.comIE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.comIE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.comIE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.comIE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.comIE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.comIE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.comIE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.netIE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.netIE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.infoIE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.comThere are 7867 more sites.IE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\007guard.com -> install.007guard.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\008i.com -> 008i.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\008k.com -> www.008k.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\00hq.com -> www.00hq.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\010402.com -> 010402.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\0scan.com -> www.0scan.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\10sek.com -> www.10sek.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\12-26.net -> user1.12-26.netIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\12-27.net -> user1.12-27.netIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\123fporn.info -> www.123fporn.infoIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\123simsen.com -> www.123simsen.comThere are 7867 more sites.==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 22:34 - 2015-01-19 02:41 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.1-2005-search.com127.0.0.1 1-2005-search.com127.0.0.1 www.123fporn.info127.0.0.1 123fporn.info127.0.0.1 123haustiereundmehr.com127.0.0.1 www.123haustiereundmehr.com127.0.0.1 123moviedownload.com127.0.0.1 www.123moviedownload.comThere are 15465 more lines.==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-2915380412-2660705316-131880791-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: AMD External Events Utility => 2MSCONFIG\Services: BNPagent => 2MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2MSCONFIG\Services: MBAMScheduler => 2MSCONFIG\Services: MBAMService => 2MSCONFIG\Services: SDScannerService => 2MSCONFIG\Services: SDUpdateService => 2MSCONFIG\Services: SDWSCService => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: Steam Client Service => 3MSCONFIG\startupfolder: C:^Users^Evans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.StartupMSCONFIG\startupfolder: C:^Users^Evans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.StartupMSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORMSCONFIG\startupreg: EPLTarget =>MSCONFIG\startupreg: Facebook Update => "C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserverMSCONFIG\startupreg: Google Update => "C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-windowMSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartMSCONFIG\startupreg: MusicManager => "C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startupMSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"MSCONFIG\startupreg: Spotify => "C:\Users\Evans\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostartMSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Evans\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRunMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: VerizonCloud => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [{E73EF87B-EE4B-4CF9-949D-C98E35896CB1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exeFirewallRules: [{CCB9054E-25C3-4735-8AB3-7109E6F7A0D1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exeFirewallRules: [{EA6A1E13-EDA1-4BF1-B708-847BDB1E311F}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exeFirewallRules: [{AEC9E28B-2600-443C-8D5E-5B85793085D8}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exeFirewallRules: [{CBD705DF-22B4-4ED9-9690-56366FFBEDB2}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exeFirewallRules: [{3BFB1D7B-0C3F-4BEA-81A0-628F6EA43B02}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exeFirewallRules: [{890E5581-056B-4834-946D-145553300CE7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{DA2FC488-4B3B-415A-9672-6014875DA63B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{EB68A79C-07B9-4ED9-B1CA-567BC2726D48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [TCP Query User{A8322172-BEED-41BE-8E29-005466B9584B}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exeFirewallRules: [UDP Query User{B7856398-59F2-4A0D-98C5-E68E6D39CB5B}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exeFirewallRules: [TCP Query User{74630DF9-8C47-49B1-8D5A-9A120A1491A0}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exeFirewallRules: [UDP Query User{E07441E5-30E5-4716-89FB-40C80145D374}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{08FC080A-F940-41CC-B5DC-5045307376DB}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exeFirewallRules: [UDP Query User{8116D51D-EFFB-44CD-BFCC-A0EA3A136E31}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{96B0D7DC-EA65-46E9-B710-E1E4158A8F4B}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exeFirewallRules: [UDP Query User{6D539426-B09A-4ADC-80C3-D7B90B488BBB}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exeFirewallRules: [{D4462BB6-61CD-4FCD-871A-74529879968C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exeFirewallRules: [{98C590F4-18BC-4CC2-A62E-43DE686D895A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exeFirewallRules: [{9A6A114E-2F34-4B10-B4D9-64B93AC41F77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exeFirewallRules: [TCP Query User{54DC3574-D2F6-4E54-ADEB-A8058A54BBFA}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exeFirewallRules: [UDP Query User{41D99AE9-AAC0-45D0-9897-937FF4BB926E}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exeFirewallRules: [{C311A571-9D4D-4514-92AE-56FB5900CC9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exeFirewallRules: [{6E361D9D-08D5-426D-9551-88E5973A1A0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exeFirewallRules: [{CE42180B-BAD7-4CA0-86FB-57A2B25116A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exeFirewallRules: [{89B6D13C-FC9B-42A1-A30E-62A5AB6C92CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exeFirewallRules: [{03D9A15A-724F-4A82-86A2-E49DAADD09AE}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{B8FFD3A0-1DFF-4981-BB04-2A918207B404}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [TCP Query User{544CB7B1-0643-4A60-A4BF-BBB52FE7BDDF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exeFirewallRules: [UDP Query User{C5261BDA-A057-4406-8E6B-2EBB32E846A1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exeFirewallRules: [{FD401FCD-1869-4DD2-9FF2-24633E401F0B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeFirewallRules: [{75DA58BA-8B3A-46D3-B890-1BD812118444}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{A6C3ECE0-2DD3-472E-A081-E1B2E98C0A11}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{CCD2670D-394A-41BB-B6B4-DE23369EE5AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exeFirewallRules: [{9D11C3AF-8543-46A6-9C23-DCE9ED72DE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exeFirewallRules: [{11A667C8-8A12-4D4E-8412-9DEA001FCF96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{795309CB-AC84-4D80-8EEC-93B5CA202D30}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{268F7511-83CF-4FBB-8A77-224CFD3CE522}] => (Allow) C:\Users\Evans\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{F43729AF-4AC6-4E60-9640-73CDF1E98012}] => (Allow) C:\Users\Evans\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{223534D1-57E0-4EC9-A22A-62E116279E6E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{1D8F0A09-FA25-488C-93DF-B771E5253FDF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{4D3B0286-6462-4CD5-95F7-BC4510F9813A}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{977E4189-B0A6-49FC-945B-C3A931E6F6F7}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{7BFB9115-18F2-4370-AE63-49F50BFB7DD7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{5CD73307-B759-43BF-B724-006E1BEF54FC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [TCP Query User{3808BB10-9611-4689-A152-B35C4FD5EE33}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exeFirewallRules: [UDP Query User{42A56D02-0221-4574-B713-DBA084C25BD2}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exeFirewallRules: [TCP Query User{4EAC10E0-E3AA-4ACC-B9F6-49B45B10983C}C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [UDP Query User{0D43BCED-0EEB-4ACD-85AC-39D184AD5D20}C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [{9C19EAA3-A8D5-46AC-B2F8-9DE64002668E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exeFirewallRules: [{F63B33F2-BEF9-43DD-8B9F-03EA9B07926E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exeFirewallRules: [{45EFA899-41B2-45CC-A820-181EC66B1D0E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exeFirewallRules: [{3BA443CB-B6D2-4888-97EF-86111FF74BDC}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exeFirewallRules: [{2AF5C7CE-91BD-47A1-9419-91115C0E202E}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exeFirewallRules: [{6A66852A-EAEF-4B8D-861C-E497EF43A7D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray accessStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner ServiceStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 UpdaterStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service==================== Restore Points =========================22-04-2016 12:02:23 Windows Update==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (04/22/2016 11:55:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.Error: (04/22/2016 10:49:32 AM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Apple Software Update; Error = 0x8004231f).Error: (04/22/2016 10:49:31 AM) (Source: VSS) (EventID: 4001) (User: )Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.Add at least one NTFS drive to the system with enough free space.The free space needed is at least 320 Mb for each volume to be shadow copied.Operation:Automatically choosing a diff-area volumeProcessing EndPrepareSnapshotsContext:Execution Context: System ProviderError: (04/22/2016 10:49:26 AM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Apple Software Update; Error = 0x8004231f).Error: (04/22/2016 10:49:25 AM) (Source: VSS) (EventID: 4001) (User: )Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.Add at least one NTFS drive to the system with enough free space.The free space needed is at least 320 Mb for each volume to be shadow copied.Operation:Automatically choosing a diff-area volumeProcessing EndPrepareSnapshotsContext:Execution Context: System ProviderError: (04/22/2016 10:19:57 AM) (Source: ESENT) (EventID: 482) (User: )Description: wuaueng.dll (132) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 98304 (0x00018000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.Error: (04/22/2016 10:13:51 AM) (Source: ESENT) (EventID: 482) (User: )Description: wuaueng.dll (204) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 491520 (0x0000000000078000) for 32768 (0x00008000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.Error: (04/22/2016 10:07:35 AM) (Source: ESENT) (EventID: 482) (User: )Description: wuaueng.dll (204) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 393216 (0x0000000000060000) for 393216 (0x00060000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.Error: (04/22/2016 10:07:34 AM) (Source: ESENT) (EventID: 482) (User: )Description: wuaueng.dll (204) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 144244736 (0x0000000008990000) for 393216 (0x00060000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.Error: (04/22/2016 02:41:45 AM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).System errors:=============Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:%%-2140993535Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Peer Name Resolution Protocol service terminated with the following error:%%-2140993535Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:%%-2140993535Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Peer Name Resolution Protocol service terminated with the following error:%%-2140993535Error: (04/22/2016 11:52:32 AM) (Source: PNRPSvc) (EventID: 102) (User: )Description: 0x80630801Error: (04/22/2016 11:52:32 AM) (Source: PNRPSvc) (EventID: 102) (User: )Description: 0x80630801Error: (04/22/2016 11:52:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:%%-2140993535Error: (04/22/2016 11:52:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Peer Name Resolution Protocol service terminated with the following error:%%-2140993535Error: (04/22/2016 11:52:21 AM) (Source: PNRPSvc) (EventID: 102) (User: )Description: 0x80630801Error: (04/22/2016 11:48:30 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 11:47:46 AM on 4/22/2016 was unexpected.CodeIntegrity:===================================Date: 2013-04-11 17:15:25.842Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-11 17:15:25.721Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-11 17:05:58.543Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-11 17:05:58.387Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-10 01:52:20.922Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-10 01:52:20.656Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-09 22:50:47.752Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-09 22:50:47.471Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-09 18:43:39.594Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-04-09 18:43:39.329Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info ===========================Processor: Intel® Core i7 CPU Q 720 @ 1.60GHzPercentage of memory in use: 48%Total physical RAM: 8180.5 MBAvailable physical RAM: 4205.64 MBTotal Virtual: 8204.27 MBAvailable Virtual: 3560.89 MB==================== Drives ================================Drive c: () (Fixed) (Total:119.24 GB) (Free:0.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 77C8EAB9)Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)==================== End of Addition.txt ============================
Edited by burntreesplease, 22 April 2016 - 11:03 AM.