Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer locks up and now getting BSOD

Post by ottersea » November 27th, 2016, 11:47 am

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by Ottersea (ATTENTION: The user is not administrator) on CLAY-PC (27-11-2016 09:38:07)
Running from C:\Downloads
Loaded Profiles: Ottersea (Available Profiles: clay & Ottersea & Sharon)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> svchost.exe
Failed to access process -> atieclxx.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> taskeng.exe
Failed to access process -> svchost.exe
Failed to access process -> NetworkLicenseServer.exe
Failed to access process -> PhotoshopElementsFileAgent.exe
Failed to access process -> DbxSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> escsvc.exe
Failed to access process -> FreemakeUtilsService.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> LavasoftTcpService.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbamservice.exe
Failed to access process -> MSIControlService.exe
Failed to access process -> MSI_LiveUpdate_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Failed to access process -> ChargeService.exe
Failed to access process -> MSI_Trigger_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
Failed to access process -> ppped.exe
Failed to access process -> PsiService_2.exe
Failed to access process -> SDFSSvc.exe
Failed to access process -> SDUpdSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> SuperRAIDSvc.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> SDWSCSvc.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> SearchIndexer.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LMS.exe
Failed to access process -> sppsvc.exe
Failed to access process -> XtuService.exe
Failed to access process -> ICCProxy.exe
Failed to access process -> UI0Detect.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
Failed to access process -> avBugReport.exe
Failed to access process -> conhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618160 2011-03-25] (brother)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25673776 2016-11-07] (Dropbox, Inc.)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-05-12] (Cyber Power Systems, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [2851408 2016-07-08] (Valve Corporation)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\MountPoints2: G - G:\SimpliSafe.bat
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\MountPoints2: {181a8e3e-3209-11e5-a52c-d8cb8a3c7ad7} - G:\SimpliSafe.bat
HKU\S-1-5-21-781923646-3209173807-790831272-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-08] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 29 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{8A8DF711-C43F-499F-8310-27A6F1CC67B0}: [DhcpNameServer] 192.168.0.1 205.171.202.166

Internet Explorer:
==================
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~2\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-06] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
Handler: WSISVCUchrome - No CLSID Value -
Handler: WSWSVCUchrome - No CLSID Value -

FireFox:
========
FF DefaultProfile: qdn6py8a.default
FF ProfilePath: C:\Users\Ottersea\AppData\Roaming\Mozilla\Firefox\Profiles\qdn6py8a.default [2016-11-27]
FF Homepage: Mozilla\Firefox\Profiles\qdn6py8a.default -> hxxps://login.yahoo.com/?.src=ym&.intl= ... .yahoo.com
FF Extension: (Greek Spelling dictionary) - C:\Users\Ottersea\AppData\Roaming\Mozilla\Firefox\Profiles\qdn6py8a.default\Extensions\el-GR@dictionaries.addons.mozilla.org [2015-12-24] [not signed]
FF Extension: (YouTube mp3) - C:\Users\Ottersea\AppData\Roaming\Mozilla\Firefox\Profiles\qdn6py8a.default\Extensions\info@youtube-mp3.org.xpi [2016-04-27]
FF Extension: (YouTube™ Flash® Player) - C:\Users\Ottersea\AppData\Roaming\Mozilla\Firefox\Profiles\qdn6py8a.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-11-02]
FF Extension: (Ελληνικά Language Pack) - C:\Users\Ottersea\AppData\Roaming\Mozilla\Firefox\Profiles\qdn6py8a.default\Extensions\langpack-el@firefox.mozilla.org.xpi [2016-11-20]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Ottersea\AppData\Roaming\Mozilla\Firefox\Profiles\qdn6py8a.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-23]
FF ProfilePath: C:\Users\Ottersea\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\mr5c3pzr.default [2016-11-19]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\mr5c3pzr.default -> hxxps://login.yahoo.com/config/mail?&.src=ym&.intl=us
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-03] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-08] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280840 2015-03-19] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-14] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-07] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-06-30] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-06-09] (Freemake) [File not signed]
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [171480 2014-02-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [293128 2015-03-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [686552 2014-05-13] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-03-27] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [190256 2014-08-25] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-03-27] (Lavasoft Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2100736 2014-06-04] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files\MSI\Command Center\ClockGen\MSIClockService.exe [4026880 2014-09-26] (MSI) [File not signed]
S3 MSICOMM_CC; C:\Program Files\MSI\Command Center\MSICommService.exe [2118144 2014-07-28] () [File not signed]
S3 MSICPU_CC; C:\Program Files\MSI\Command Center\CPU\MSICPUService.exe [4157440 2014-09-26] () [File not signed]
R2 MSICTL_CC; C:\Program Files\MSI\Command Center\MSIControlService.exe [1993216 2014-09-26] () [File not signed]
S3 MSIDDR_CC; C:\Program Files\MSI\Command Center\DDR\MSIDDRService.exe [2242560 2014-09-01] () [File not signed]
S3 MSISMB_CC; C:\Program Files\MSI\Command Center\SMBus\MSISMBService.exe [2063360 2014-07-28] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files\MSI\Command Center\SuperIO\MSISuperIOService.exe [550400 2014-09-25] () [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe [1723856 2014-09-18] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1034640 2014-05-12] (Cyber Power Systems, Inc.)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 RoxMediaDBVHS; C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1112720 2012-07-30] (Corel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2014-08-13] (Micro-Star International)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-08-07] (Intel(R) Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [22808 2012-07-17] (Intel Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-10-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-10-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1760256 2011-03-10] (C-Media Inc)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.) [File not signed]
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [23512 2013-08-13] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [19144 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19656 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [22728 2014-05-27] ()
R2 iocbios2; C:\Program Files\Intel\Extreme Tuning Utility\Drivers\IocDriver\32bit\iocbios2.sys [27376 2014-06-17] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [37576 2014-05-27] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2014-06-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [380912 2014-06-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [803312 2014-06-26] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-17] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [109568 2014-09-03] (Intel Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [28776 2011-09-14] (NT Kernel Resources)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super Charger\NTIOLib.sys [14392 2012-10-26] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update\NTIOLib.sys [7680 2010-10-20] (MSI) [File not signed]
S3 NTIOLib_MSIClock_CC; C:\Program Files\MSI\Command Center\ClockGen\NTIOLib.sys [7680 2012-11-20] (MSI) [File not signed]
S3 NTIOLib_MSICOMM_CC; C:\Program Files\MSI\Command Center\NTIOLib.sys [7680 2012-11-19] (MSI) [File not signed]
S3 NTIOLib_MSICPU_CC; C:\Program Files\MSI\Command Center\CPU\NTIOLib.sys [7680 2012-11-20] (MSI) [File not signed]
S3 NTIOLib_MSIDDR_CC; C:\Program Files\MSI\Command Center\DDR\NTIOLib.sys [7680 2012-11-26] (MSI) [File not signed]
S3 NTIOLib_MSIRatio_CC; C:\Program Files\MSI\Command Center\CPU\CPU_Ratio\NTIOLib.sys [7680 2012-11-20] (MSI) [File not signed]
S3 NTIOLib_MSISMB_CC; C:\Program Files\MSI\Command Center\SMBus\NTIOLib.sys [7680 2012-11-19] (MSI) [File not signed]
S3 NTIOLib_MSISuperIO_CC; C:\Program Files\MSI\Command Center\SuperIO\NTIOLib.sys [7680 2012-11-19] (MSI) [File not signed]
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib.sys [14832 2014-03-17] (MSI)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2013-10-16] (Corel Corporation)
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [202800 2010-05-10] (Jungo)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDAA.sys [660120 2012-05-04] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEMA.sys [1085592 2012-05-04] (eMPIA Technology, Inc.)
S3 CamAv; System32\Drivers\CamAv.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MSICDSetup; \??\F:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 09:35 - 2016-11-27 09:35 - 00000000 ____D C:\FRST
2016-11-27 09:27 - 2016-11-27 09:27 - 00000000 ____D C:\Users\clay\AppData\Roaming\Moonchild Productions
2016-11-27 09:27 - 2016-11-27 09:27 - 00000000 ____D C:\Users\clay\AppData\Local\Moonchild Productions
2016-11-27 09:17 - 2016-11-27 09:27 - 00000000 ____D C:\Users\clay\AppData\LocalLow\Mozilla
2016-11-27 09:16 - 2016-11-27 09:16 - 00000000 ____D C:\Users\clay\AppData\Roaming\Epson
2016-11-20 16:04 - 2016-11-27 09:31 - 00000000 ____D C:\Users\Ottersea\AppData\LocalLow\Mozilla
2016-11-20 15:48 - 2016-11-24 09:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-16 11:36 - 2016-11-16 11:36 - 00000000 _____ C:\Windows\system32\last.dump
2016-11-16 11:31 - 2016-11-27 09:25 - 338093721 _____ C:\Windows\MEMORY.DMP
2016-11-16 11:31 - 2016-11-27 09:25 - 00000000 ____D C:\Windows\Minidump
2016-11-11 16:12 - 2016-11-11 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-11 15:12 - 2016-11-11 15:12 - 00000000 ____D C:\Users\Ottersea\AppData\Local\ABBYY
2016-11-11 15:10 - 2016-11-12 09:14 - 00000000 ____D C:\Users\Ottersea\AppData\Roaming\EPSON
2016-11-11 15:06 - 2016-11-11 15:06 - 00000000 ____D C:\Users\Ottersea\AppData\Roaming\ArcSoft
2016-11-11 14:58 - 2016-11-11 14:58 - 00000161 _____ C:\Users\Public\Desktop\Perfection V600 User's Guide.url
2016-11-11 14:58 - 2016-11-11 14:58 - 00000046 _____ C:\Windows\Perfection V600.ini
2016-11-11 14:58 - 2016-11-11 14:58 - 00000000 ____D C:\Users\clay\AppData\Roaming\Leadertech
2016-11-11 14:58 - 2016-11-11 14:58 - 00000000 ____D C:\ProgramData\EPSON
2016-11-11 14:57 - 2016-11-11 14:57 - 00001963 _____ C:\Users\Public\Desktop\PhotoStudio 6.lnk
2016-11-11 14:57 - 2016-11-11 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 6
2016-11-11 14:57 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2016-11-11 14:57 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\ArcSoft
2016-11-11 14:56 - 2016-11-11 14:56 - 00000000 ____D C:\Users\clay\AppData\Local\ABBYY
2016-11-11 14:56 - 2016-11-11 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2016-11-11 14:55 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\ABBYY FineReader 9.0 Sprint
2016-11-11 14:55 - 2016-11-11 14:55 - 00000000 ____D C:\ProgramData\ABBYY
2016-11-11 14:55 - 2016-11-11 14:55 - 00000000 ____D C:\Program Files\Common Files\ABBYY
2016-11-11 14:52 - 2016-11-11 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-11-11 14:52 - 2016-11-11 14:53 - 00000000 ____D C:\Program Files\Epson Software
2016-11-11 14:51 - 2016-11-11 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-11-11 14:51 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\epson
2016-11-11 14:51 - 2016-11-11 14:51 - 00000936 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-11-11 14:51 - 2012-07-25 00:00 - 00075776 _____ (Seiko Epson Corporation.) C:\Windows\system32\esw2_a1.dll
2016-11-11 14:51 - 2012-07-10 01:00 - 00065793 _____ C:\Windows\system32\esfwa1.bin
2016-11-11 14:51 - 2012-07-10 00:00 - 00319488 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esinta1.dll
2016-11-11 14:51 - 2011-12-12 00:00 - 00122000 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
2016-11-10 23:19 - 2016-11-10 23:19 - 00000000 ____D C:\Users\clay\AppData\Local\PowerPanel Personal Edition
2016-11-10 22:54 - 2016-11-10 22:54 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-11-10 22:54 - 2016-11-10 22:54 - 00000000 ____D C:\Users\Ottersea\AppData\Local\PowerPanel Personal Edition
2016-11-10 22:54 - 2016-11-10 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberPower PowerPanel Personal Edition
2016-11-08 16:23 - 2016-11-08 16:23 - 00000000 ____D C:\Users\clay\AppData\Local\CEF
2016-11-07 16:49 - 2016-11-07 16:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-07 16:49 - 2016-11-07 16:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-07 16:49 - 2016-11-07 16:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-07 16:33 - 2016-11-08 17:34 - 05610688 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-11-07 10:17 - 2016-11-07 10:17 - 00002824 _____ C:\Users\Ottersea\AppData\Local\recently-used.xbel
2016-10-30 15:07 - 2016-10-30 15:07 - 00000000 ____D C:\Firearms

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 09:36 - 2010-11-20 15:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-27 09:36 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2016-11-27 09:31 - 2016-03-15 09:33 - 00000000 ___RD C:\Users\Ottersea\Dropbox
2016-11-27 09:31 - 2015-07-11 10:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-27 09:31 - 2015-07-03 12:24 - 00000000 __SHD C:\Users\Ottersea\IntelGraphicsProfiles
2016-11-27 09:30 - 2015-06-29 11:43 - 00000000 ____D C:\Program Files\CyberPower PowerPanel Personal Edition
2016-11-27 09:29 - 2016-07-28 08:11 - 00539810 _____ C:\Windows\ntbtlog.txt
2016-11-27 09:29 - 2016-03-14 17:51 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-27 09:29 - 2015-07-07 15:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-27 09:29 - 2015-06-30 15:17 - 00000000 ____D C:\Program Files\Steam
2016-11-27 09:29 - 2015-06-29 10:43 - 00000462 _____ C:\Windows\Brownie.ini
2016-11-27 09:29 - 2015-06-26 17:39 - 00000262 _____ C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2016-11-27 09:29 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-27 09:17 - 2015-07-07 11:21 - 00000000 __SHD C:\Users\clay\IntelGraphicsProfiles
2016-11-27 09:17 - 2015-06-28 17:09 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-27 09:15 - 2015-06-28 18:02 - 00000000 ____D C:\Users\clay\AppData\Local\ElevatedDiagnostics
2016-11-27 08:03 - 2016-03-14 17:51 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-27 06:08 - 2009-07-13 22:34 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-27 06:08 - 2009-07-13 22:34 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:06 - 2015-06-29 07:42 - 00000000 ____D C:\Users\Ottersea
2016-11-26 10:06 - 2014-03-18 18:16 - 00000000 ____D C:\Photos
2016-11-26 09:37 - 2015-06-29 07:56 - 00000000 ____D C:\Users\Ottersea\AppData\Local\PasswordSafe
2016-11-24 09:23 - 2015-07-24 11:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-23 15:06 - 2015-06-29 13:03 - 00000000 ____D C:\Users\Ottersea\Documents\Quicken
2016-11-19 14:56 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-16 11:36 - 2015-07-01 17:40 - 00000000 ____D C:\Users\Ottersea\AppData\Local\CrashDumps
2016-11-16 11:35 - 2009-07-13 22:53 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-13 14:06 - 2016-04-24 17:17 - 00000000 ____D C:\Users\Ottersea\Documents\Easy VHS to DVD Projects
2016-11-11 16:12 - 2016-03-14 17:51 - 00000000 ____D C:\Program Files\Dropbox
2016-11-11 14:59 - 2015-06-26 05:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-11 14:58 - 2015-06-30 14:03 - 00000000 ____D C:\Users\clay\AppData\Local\CrashDumps
2016-11-11 14:58 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-10 13:14 - 2015-06-29 10:44 - 00000426 _____ C:\Windows\BRWMARK.INI
2016-11-08 17:34 - 2015-06-30 08:21 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 17:34 - 2015-06-30 08:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 17:34 - 2015-06-29 15:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 16:49 - 2016-10-24 07:06 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-07 16:08 - 2015-06-29 12:09 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-11-07 15:56 - 2016-03-14 17:51 - 00000000 ____D C:\Users\clay\AppData\Local\Dropbox
2016-11-07 11:50 - 2015-07-13 11:18 - 00000000 ____D C:\Users\Ottersea\.gimp-2.8
2016-11-07 10:17 - 2015-07-13 11:22 - 00000000 ____D C:\Users\Ottersea\AppData\Local\gtk-2.0
2016-11-05 08:55 - 2015-06-28 17:12 - 00000000 ____D C:\Program Files\Password Safe
2016-11-05 08:54 - 2015-06-28 17:13 - 00000000 ____D C:\Users\clay\AppData\Local\PasswordSafe
2016-10-28 21:04 - 2016-08-28 17:39 - 00000000 ____D C:\RQMONEY

==================== Files in the root of some directories =======

2016-04-10 22:27 - 2016-04-11 10:22 - 0000190 _____ () C:\Users\Ottersea\AppData\Roaming\settings.xml
2016-11-07 10:17 - 2016-11-07 10:17 - 0002824 _____ () C:\Users\Ottersea\AppData\Local\recently-used.xbel
2016-04-06 19:48 - 2016-04-06 19:48 - 0000017 _____ () C:\Users\Ottersea\AppData\Local\resmon.resmoncfg
2016-05-17 17:50 - 2016-05-17 17:50 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\clay\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\clay\AppData\Local\Temp\_isA411.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by Ottersea (27-11-2016 09:38:39)
Running from C:\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-06-26 09:06:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-781923646-3209173807-790831272-500 - Administrator - Disabled)
clay (S-1-5-21-781923646-3209173807-790831272-1000 - Administrator - Enabled) => C:\Users\clay
Guest (S-1-5-21-781923646-3209173807-790831272-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-781923646-3209173807-790831272-1003 - Limited - Enabled)
Ottersea (S-1-5-21-781923646-3209173807-790831272-1001 - Limited - Enabled) => C:\Users\Ottersea
Sharon (S-1-5-21-781923646-3209173807-790831272-1004 - Limited - Enabled) => C:\Users\Sharon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
ACPI Driver Installer (HKLM\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )
AMD Catalyst Install Manager (HKLM\...\{294E0B98-299B-62A4-47C7-131A2D9E220F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM\...\{6C33D2FD-8FBB-4613-BC4A-1663D03D1626}) (Version: 6.0.6.187 - ArcSoft)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Brother BRAdmin Light 1.17.0002 (HKLM\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.17.0002 - Brother)
Brother HL-3070CW (HKLM\...\{54794513-6AAB-44D3-AE7A-7C2037FE938D}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Contents (Version: 18.0.0.181 - Corel Corporation) Hidden
Corel VideoStudio Pro X8 (HKLM\...\_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.6.0.6 - Corel Corporation)
CyberPower PowerPanel Personal Edition 1.4.3 (HKLM\...\{DEC7E1CD-31A2-4F2F-BEE5-CF80E8E58C2A}) (Version: 1.4.3 - Cyber Power Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Detroit Iron Information Systems (HKLM\...\Detroit Iron) (Version: - )
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.57.1 - Dropbox, Inc.) Hidden
Easy Photo Scan (HKLM\...\{04A3C7AC-C350-46FA-8F72-C4E3F6B50D07}) (Version: 1.00.0004 - Seiko Epson Corporation)
Epson Copy Utility 4 (HKLM\...\{B835ADF3-3807-4B06-8E23-3B84AD67C4D7}) (Version: 4.01.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{747C2710-1D8F-46DD-ADF0-6EE0D980F13C}) (Version: 3.10.0039 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EZ Grabber (HKLM\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HydraVision (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
ICA (Version: 18.0.0.181 - Corel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.51.8439 - Intel(R) Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{2551B515-A1F5-4AF7-BF9A-74F65D04E13C}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
IPM_VS_Pro (Version: 18.0 - Corel Corporation) Hidden
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaFACE (Version: 5.0 - Fellowes) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2000 Runtime (HKLM\...\{00180408-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3308 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MSI Command Center (HKLM\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.0.83 - MSI)
MSI Intel Extreme Tuning Utility (HKLM\...\{56351c83-306c-4135-a570-2784d3025548}) (Version: 5.1.0.101 - Intel Corporation)
MSI Intel Extreme Tuning Utility (Version: 5.1.0.101 - Intel Corporation) Hidden
MSI Live Update (HKLM\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.010 - MSI)
MSI Smart Utilities (HKLM\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.10 - MSI)
MSI Super Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetworkGenie (HKLM\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.8 - MSI)
Nik Collection (HKLM\...\Nik Collection) (Version: 1.2.11 - Google)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pale Moon 26.5.0 (x86 en-US) (HKLM\...\Pale Moon 26.5.0 (x86 en-US)) (Version: 26.5.0 - Moonchild Productions)
Password Safe (HKLM\...\Password Safe) (Version: - )
PeaZip 5.6.0 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
Perfection V600 User's Guide version 1.0 (HKLM\...\UsersGuidePerfection V600 User's Guide_is1) (Version: 1.0 - )
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.6.7 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Roxio Easy VHS to DVD 3 (HKLM\...\{01EA1B5D-04A2-45BD-83BD-488D6EB7B942}) (Version: 3.0 - Roxio)
RVer's Notebook (HKLM\...\RVer's Notebook) (Version: 2.2 - IV Software)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
SCT Device Updater (HKLM\...\{1E05E69C-38E3-40A8-96BA-07900EE62F4F}) (Version: 2.9.16049.1 - SCT)
SCTDriversV1011x86 (HKLM\...\{85E589A5-FBF0-4CC5-9E58-CA2E1E54DBBF}) (Version: 11.0.0 - SCT Performance LLC)
Setup (Version: 18.0.0.181 - Corel Corporation) Hidden
Share (Version: 18.0.0.181 - Corel Corporation) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
VGA Boost (HKLM\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
VideoStudio MyDVD (HKLM\...\{49D8422A-D54E-425F-8A38-54167B1174A1}) (Version: 1.0 - Corel)
VideoStudio MyDVD (Version: 1.0.112 - Corel Corporation) Hidden
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
Visioneer PaperPort Viewer 5.0 (HKLM\...\Visioneer PaperPort Viewer 5.0) (Version: - )
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VSClassic (Version: 18.0.0.181 - Corel Corporation) Hidden
VSPro (Version: 18.0.0.181 - Corel Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{3F11DF04-C40B-F92C-CA9B-08270FD5296B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => <==== ATTENTION
Task: C:\Windows\Tasks\RtlNetworkGenieVistaStart.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\VideoStudio Learning.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.studiobacklot.tv/videostudio

==================== Loaded Modules (Whitelisted) ==============

2015-06-29 12:09 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-29 12:09 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-10-08 18:39 - 2016-10-08 18:39 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-10-08 18:39 - 2016-10-08 18:39 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-29 12:09 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-11 16:11 - 2016-10-10 10:29 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-11-11 16:11 - 2016-10-10 10:29 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-11 16:11 - 2016-10-10 10:30 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00021312 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-11-11 16:11 - 2016-10-10 10:31 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00025424 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-11 16:11 - 2016-10-10 10:30 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-11-11 16:11 - 2016-10-10 10:27 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-11-11 16:11 - 2016-11-07 16:59 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-11 16:11 - 2016-11-07 16:59 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 01972528 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00133424 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00224056 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00020288 _____ () C:\Program Files\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-11-11 16:11 - 2016-10-10 10:33 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-11-11 16:11 - 2016-10-10 10:34 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-11-11 16:11 - 2016-11-07 16:59 - 00042808 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00168760 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00024904 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00546096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\webcompanion.com -> hxxp://webcompanion.com

There are 7916 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2016-06-10 18:28 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-781923646-3209173807-790831272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ottersea\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.202.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk => C:\Windows\pss\Microtek Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^clay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "c:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\clay\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Brdefprn => C:\Program Files\Brother\BRHL3070\Brdefprn.exe -d
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Cmaudio8788 => RunDll32 cmicnfgp.cpl,CMICtrlWnd
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\system\HsMgr.exe Envoke
MSCONFIG\startupreg: Command Center => C:\Program Files\MSI\Command Center\StartCommandCenter.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: IMSS => "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
MSCONFIG\startupreg: ISCT Tray => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: Live Update => C:\Program Files\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: MediaFace Integration => C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: QuickTime Task => "c:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Super Charger => C:\Program Files\MSI\Super Charger\Super Charger.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{912C58EC-8ECB-4303-BCDA-FDE23351F018}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A9237781-FE20-4CF9-A7AF-09A38AB1EAC6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2B417293-F492-4ABB-9C0C-C233ADCE8ECF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{390FACA7-98D7-4E30-9EB4-D3ED3A566BB9}] => (Allow) C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe
FirewallRules: [{E2FA990B-5628-4F1B-B8A7-157FE285A17C}] => (Allow) C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe
FirewallRules: [{EF996752-8D9D-4048-ACF4-18A4E94D7C7C}] => (Allow) c:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2E793365-984D-4A13-BDFE-94C5BB9A4D92}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{1E55D3EF-D495-44A0-9551-1E5A613D8179}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{37DC73FB-B9B8-422E-8135-A04C911AE434}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A8F847E-A2D3-4CF2-99EF-ABAE556D8A0E}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{10361E2A-9EF3-4360-8CE7-D838006E762F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{204B0034-C3CC-4983-961D-9631B5CEFB4D}] => (Allow) C:\Program Files\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{A56168E9-F1B3-4712-AE8D-B0F65B6D6129}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{98A3E2B7-56DC-439D-ABF9-6F9C8121238D}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{FBC8C26B-72B2-4174-B3B5-055C27FA6B8F}] => (Allow) C:\Users\clay\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{04A20F7D-D538-4AFE-A287-6CF087E9BA06}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{37A13CE4-5AD0-448F-B36A-0BFBE0517BD4}] => (Allow) LPort=2869
FirewallRules: [{806230B5-4CAB-44CD-94AF-E1FCA03AA6CE}] => (Allow) LPort=1900
FirewallRules: [{2D157825-AB7E-4674-98E9-2CA326118CAA}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{40866BA8-E8CA-4ABE-AB2B-17C0B838744C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5278F079-6B94-40AD-8DAE-6140A3A8E503}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AF51ABD0-7293-4843-AEED-4EA6A0FD6B55}G:\simplisafewizard.exe] => (Allow) G:\simplisafewizard.exe
FirewallRules: [UDP Query User{D0D16C37-348A-40D9-87BA-C7F2119D1CA2}G:\simplisafewizard.exe] => (Allow) G:\simplisafewizard.exe
FirewallRules: [{23498A66-5C22-4CDC-86D3-CF76C73A70CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{633D9F3F-B4A1-4DB7-AEA5-8EB9B51A378A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FC1DA6A2-F3F7-455C-A8B3-E3138F1E1CC8}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{589328A6-9872-49E1-A596-145BF6F494D0}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E79967BD-CE6A-4DC2-BA3B-55796835758B}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{CF4BAF8A-BC84-4B9E-9168-D3045FCE34E6}] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{20D57A38-2C95-48CE-A7BF-6EC747078505}] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2016 09:37:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 23.11.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10c8

Start Time: 01d248c3dab8514c

Termination Time: 6

Application Path: C:\Downloads\FRST.exe

Report Id: 613f47ac-b4b7-11e6-8e86-d8cb8a3c7ad7

Error: (11/27/2016 09:31:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/27/2016 09:29:49 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/27/2016 09:27:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/27/2016 09:20:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/27/2016 09:19:25 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/27/2016 09:17:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/27/2016 09:11:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/27/2016 09:10:40 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/27/2016 08:04:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/27/2016 09:27:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/27/2016 09:27:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/27/2016 09:27:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/27/2016 09:26:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/27/2016 09:26:08 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/27/2016 09:26:08 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/27/2016 09:26:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/27/2016 09:26:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/27/2016 09:26:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/27/2016 09:26:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 61%
Total physical RAM: 2760 MB
Available physical RAM: 1075.6 MB
Total Virtual: 6898.32 MB
Available Virtual: 4545.86 MB

==================== Drives ================================

Drive c: (Sata 3) (Fixed) (Total:931.51 GB) (Free:736.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Sata 2) (Fixed) (Total:465.76 GB) (Free:168.27 GB) NTFS
Drive e: (Sata 1) (Fixed) (Total:465.76 GB) (Free:423.11 GB) NTFS

==================== MBR & Partition Table ==================



==================== End of Addition.txt ============================
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Computer locks up and now getting BSOD

Post by mAL_rEm018 » November 29th, 2016, 4:23 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello ottersea,

Welcome back to the Malware Removal Forum! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

Before proceeding please read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.

Next..

Please answer the following question..
ottersea wrote: Computer locks up and now getting BSOD

What do you mean by "Computer locks up"? Please give as many details as you can.

Ran by Ottersea (ATTENTION: The user is not administrator)

Farbar Recovery Scan Tool (FRST) cannot provide accurate logs when used in a Limited User Account. Please log into an Administrator account and follow the steps below..

  • Download and save the Farbar Recovery Scan Tool to your Desktop: Link.
  • Right-click on FRST.exe and select Run as administrator.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
mAL_rEm018
MRU Teacher
 
Posts: 1591
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Computer locks up and now getting BSOD

Post by ottersea » November 29th, 2016, 5:33 pm

mAL
Thanks for the response.
In answer to your question: a few months back the computer would just lock up on me. By this I mean that I can be looking at a screen and all of a sudden nothing works. The cursor will still move around but nothing I click on works. Ctrl+Alt+Del does not work, so I cannot close out. The only thing I can do is a hard reboot and then it will work, but it comes back eventually. Then back in July I started getting BSOD crashes. I did not think much of it at the time until 11/27, when it did it 18 times, and again on the 28th another 4 times. So far it has not done it again. I have no idea what is going on to cause this to happen and am hoping someone here can help figure it out.

FRST file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2016
Ran by clay (administrator) on CLAY-PC (29-11-2016 15:27:47)
Running from C:\Downloads
Loaded Profiles: clay & Ottersea (Available Profiles: clay & Ottersea & Sharon)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MSI\Command Center\MSIControlService.exe
(Micro-Star International) C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files\MSI\MSITrigger\MSI_Trigger_Service.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Micro-Star International) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Realtek Semiconductor) C:\Program Files\MSI\NetworkGenie\NetworkGenie.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\BRNIPMON.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\tobedeleted\moz53C6.tmp
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\tobedeleted\moz53C6.tmp
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618160 2011-03-25] (brother)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25673776 2016-11-07] (Dropbox, Inc.)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-05-12] (Cyber Power Systems, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-781923646-3209173807-790831272-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-781923646-3209173807-790831272-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\MountPoints2: G - G:\SimpliSafe.bat
HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\MountPoints2: {181a8e3e-3209-11e5-a52c-d8cb8a3c7ad7} - G:\SimpliSafe.bat
HKU\S-1-5-21-781923646-3209173807-790831272-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-08] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-781923646-3209173807-790831272-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-781923646-3209173807-790831272-1000] => localhost:21320
AutoConfigURL: [S-1-5-21-781923646-3209173807-790831272-1000] => localhost:21320
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Winsock: Catalog9 29 C:\Windows\system32\LavasoftTcpService.dll [345360 2016-03-27] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{8A8DF711-C43F-499F-8310-27A6F1CC67B0}: [DhcpNameServer] 192.168.0.1 205.171.202.166
ManualProxies: 1localhost:21320

Internet Explorer:
==================
HKU\S-1-5-21-781923646-3209173807-790831272-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5I&ocid=SL5IDHP&osmkt=en-us
HKU\S-1-5-21-781923646-3209173807-790831272-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-781923646-3209173807-790831272-1000 -> DefaultScope {0AA293D0-0F49-41E6-94E8-A1A6AA8A06DC} URL =
SearchScopes: HKU\S-1-5-21-781923646-3209173807-790831272-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~2\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-06] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-781923646-3209173807-790831272-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
Handler: WSISVCUchrome - No CLSID Value -
Handler: WSWSVCUchrome - No CLSID Value -

FireFox:
========
FF DefaultProfile: 3480vhxc.default
FF ProfilePath: C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\3480vhxc.default [2016-11-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3480vhxc.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\3480vhxc.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3480vhxc.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\3480vhxc.default -> hxxp://www.msn.com/?pc=SL5I&ocid=SL5IDHP&osmkt=en-us
FF Keyword.URL: Mozilla\Firefox\Profiles\3480vhxc.default -> hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q=
FF Extension: (Bing Search) - C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\3480vhxc.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-11-27]
FF SearchPlugin: C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\3480vhxc.default\searchplugins\bing-.xml [2015-11-27]
FF ProfilePath: C:\Users\clay\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ed283def.default [2016-11-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-03] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-08] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280840 2015-03-19] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-14] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-07] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-06-30] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-06-09] (Freemake) [File not signed]
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [171480 2014-02-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [293128 2015-03-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [686552 2014-05-13] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-03-27] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [190256 2014-08-25] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-03-27] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2100736 2014-06-04] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files\MSI\Command Center\ClockGen\MSIClockService.exe [4026880 2014-09-26] (MSI) [File not signed]
S3 MSICOMM_CC; C:\Program Files\MSI\Command Center\MSICommService.exe [2118144 2014-07-28] () [File not signed]
S3 MSICPU_CC; C:\Program Files\MSI\Command Center\CPU\MSICPUService.exe [4157440 2014-09-26] () [File not signed]
R2 MSICTL_CC; C:\Program Files\MSI\Command Center\MSIControlService.exe [1993216 2014-09-26] () [File not signed]
S3 MSIDDR_CC; C:\Program Files\MSI\Command Center\DDR\MSIDDRService.exe [2242560 2014-09-01] () [File not signed]
S3 MSISMB_CC; C:\Program Files\MSI\Command Center\SMBus\MSISMBService.exe [2063360 2014-07-28] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files\MSI\Command Center\SuperIO\MSISuperIOService.exe [550400 2014-09-25] () [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe [1723856 2014-09-18] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1034640 2014-05-12] (Cyber Power Systems, Inc.)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 RoxMediaDBVHS; C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1112720 2012-07-30] (Corel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2014-08-13] (Micro-Star International)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-08-07] (Intel(R) Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [22808 2012-07-17] (Intel Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-10-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-10-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1760256 2011-03-10] (C-Media Inc)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.) [File not signed]
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [23512 2013-08-13] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [19144 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19656 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [22728 2014-05-27] ()
R2 iocbios2; C:\Program Files\Intel\Extreme Tuning Utility\Drivers\IocDriver\32bit\iocbios2.sys [27376 2014-06-17] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [37576 2014-05-27] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2014-06-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [380912 2014-06-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [803312 2014-06-26] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-17] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [109568 2014-09-03] (Intel Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [28776 2011-09-14] (NT Kernel Resources)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super Charger\NTIOLib.sys [14392 2012-10-26] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update\NTIOLib.sys [7680 2010-10-20] (MSI) [File not signed]
S3 NTIOLib_MSIClock_CC; C:\Program Files\MSI\Command Center\ClockGen\NTIOLib.sys [7680 2012-11-20] (MSI) [File not signed]
S3 NTIOLib_MSICOMM_CC; C:\Program Files\MSI\Command Center\NTIOLib.sys [7680 2012-11-19] (MSI) [File not signed]
S3 NTIOLib_MSICPU_CC; C:\Program Files\MSI\Command Center\CPU\NTIOLib.sys [7680 2012-11-20] (MSI) [File not signed]
S3 NTIOLib_MSIDDR_CC; C:\Program Files\MSI\Command Center\DDR\NTIOLib.sys [7680 2012-11-26] (MSI) [File not signed]
S3 NTIOLib_MSIRatio_CC; C:\Program Files\MSI\Command Center\CPU\CPU_Ratio\NTIOLib.sys [7680 2012-11-20] (MSI) [File not signed]
S3 NTIOLib_MSISMB_CC; C:\Program Files\MSI\Command Center\SMBus\NTIOLib.sys [7680 2012-11-19] (MSI) [File not signed]
S3 NTIOLib_MSISuperIO_CC; C:\Program Files\MSI\Command Center\SuperIO\NTIOLib.sys [7680 2012-11-19] (MSI) [File not signed]
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib.sys [14832 2014-03-17] (MSI)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2013-10-16] (Corel Corporation)
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [202800 2010-05-10] (Jungo)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDAA.sys [660120 2012-05-04] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEMA.sys [1085592 2012-05-04] (eMPIA Technology, Inc.)
S3 CamAv; System32\Drivers\CamAv.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MSICDSetup; \??\F:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 15:18 - 2016-11-27 09:33 - 01761280 _____ (Farbar) C:\Users\clay\Desktop\FRST.exe
2016-11-28 12:45 - 2016-11-28 12:45 - 00150976 _____ C:\Windows\Minidump\112816-13837-01.dmp
2016-11-28 12:27 - 2016-11-28 12:27 - 00157152 _____ C:\Windows\Minidump\112816-15522-01.dmp
2016-11-28 10:54 - 2016-11-28 10:54 - 00157152 _____ C:\Windows\Minidump\112816-14211-01.dmp
2016-11-28 08:05 - 2016-11-28 08:05 - 00157152 _____ C:\Windows\Minidump\112816-19874-01.dmp
2016-11-28 08:00 - 2016-11-28 08:00 - 00157152 _____ C:\Windows\Minidump\112816-20810-01.dmp
2016-11-27 20:09 - 2016-11-27 20:09 - 00000661 _____ C:\Users\clay\Desktop\Resume TweakBit PCRepairKit Installation.lnk
2016-11-27 19:45 - 2016-11-27 19:45 - 00157152 _____ C:\Windows\Minidump\112716-12402-01.dmp
2016-11-27 19:01 - 2016-11-27 19:01 - 00157152 _____ C:\Windows\Minidump\112716-12838-01.dmp
2016-11-27 18:51 - 2016-11-27 18:51 - 00150976 _____ C:\Windows\Minidump\112716-17409-01.dmp
2016-11-27 18:28 - 2016-11-27 18:28 - 00157152 _____ C:\Windows\Minidump\112716-17690-01.dmp
2016-11-27 18:21 - 2016-11-27 18:21 - 00150976 _____ C:\Windows\Minidump\112716-12682-01.dmp
2016-11-27 18:10 - 2016-11-27 18:11 - 00157152 _____ C:\Windows\Minidump\112716-12651-01.dmp
2016-11-27 15:43 - 2016-11-27 15:43 - 00150976 _____ C:\Windows\Minidump\112716-12370-01.dmp
2016-11-27 15:33 - 2016-11-27 15:33 - 00150976 _____ C:\Windows\Minidump\112716-16146-01.dmp
2016-11-27 14:23 - 2016-11-27 14:23 - 00157152 _____ C:\Windows\Minidump\112716-15646-01.dmp
2016-11-27 14:18 - 2016-11-27 14:25 - 00000000 ___RD C:\Users\Ottersea\Desktop\Malware
2016-11-27 11:30 - 2016-11-02 09:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-27 11:30 - 2016-10-27 21:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-27 11:30 - 2016-10-27 09:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-27 11:30 - 2016-10-27 08:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-27 11:30 - 2016-10-25 08:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-27 11:30 - 2016-10-22 11:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-27 11:30 - 2016-10-22 11:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-27 11:30 - 2016-10-22 10:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-27 11:30 - 2016-10-22 10:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-27 11:30 - 2016-10-22 10:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-27 11:30 - 2016-10-22 10:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-27 11:30 - 2016-10-22 10:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-27 11:30 - 2016-10-22 10:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-27 11:30 - 2016-10-22 10:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-27 11:30 - 2016-10-15 09:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-27 11:30 - 2016-10-11 09:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-27 11:30 - 2016-10-11 09:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-27 11:30 - 2016-10-11 09:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-27 11:30 - 2016-10-11 09:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-27 11:30 - 2016-10-11 09:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-27 11:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-27 11:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-27 11:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-27 11:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-27 11:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-27 11:30 - 2016-10-11 09:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-27 11:30 - 2016-10-11 07:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-27 11:30 - 2016-10-10 09:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-27 11:30 - 2016-10-10 09:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-27 11:30 - 2016-10-10 09:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-27 11:30 - 2016-10-10 09:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-27 11:30 - 2016-10-07 09:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-27 11:30 - 2016-10-07 09:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-27 11:30 - 2016-10-07 09:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-27 11:30 - 2016-10-07 09:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-27 11:30 - 2016-10-07 09:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-27 11:30 - 2016-10-07 09:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-27 11:30 - 2016-10-05 08:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-27 11:30 - 2016-09-15 08:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-27 11:30 - 2016-09-09 12:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-27 11:29 - 2016-11-02 09:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-27 11:29 - 2016-11-02 09:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-27 11:29 - 2016-11-02 09:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-27 11:29 - 2016-11-02 08:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-27 11:29 - 2016-10-22 11:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-27 11:29 - 2016-10-22 11:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-27 11:29 - 2016-10-22 11:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-27 11:29 - 2016-10-22 11:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-27 11:29 - 2016-10-22 11:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-27 11:29 - 2016-10-22 11:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-27 11:29 - 2016-10-22 11:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-27 11:29 - 2016-10-22 11:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-27 11:29 - 2016-10-22 11:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-27 11:29 - 2016-10-22 11:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-27 11:29 - 2016-10-22 11:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-27 11:29 - 2016-10-22 11:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-27 11:29 - 2016-10-22 11:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-27 11:29 - 2016-10-22 11:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-27 11:29 - 2016-10-22 11:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-27 11:29 - 2016-10-22 11:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-27 11:29 - 2016-10-22 11:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-27 11:29 - 2016-10-22 10:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-27 11:29 - 2016-10-22 10:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-27 11:29 - 2016-10-22 10:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-27 11:29 - 2016-10-22 10:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-27 11:29 - 2016-10-22 10:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-27 11:29 - 2016-10-22 10:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-27 11:29 - 2016-10-15 09:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-27 11:29 - 2016-10-11 09:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-27 11:29 - 2016-10-11 09:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-27 11:29 - 2016-10-10 09:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-27 11:29 - 2016-10-10 09:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-27 11:29 - 2016-10-10 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-27 11:29 - 2016-10-10 08:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-27 11:29 - 2016-10-10 08:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-27 11:29 - 2016-10-10 08:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-27 11:29 - 2016-10-10 08:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-27 11:29 - 2016-10-10 08:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-27 11:29 - 2016-10-10 08:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-27 11:29 - 2016-10-07 09:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-27 11:29 - 2016-10-07 08:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-27 11:29 - 2016-10-07 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-27 11:29 - 2016-10-07 08:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-27 11:29 - 2016-10-07 08:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-27 11:29 - 2016-10-07 08:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-27 11:29 - 2016-10-07 08:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-27 11:29 - 2016-09-13 09:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-27 11:29 - 2016-08-21 07:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-27 11:02 - 2016-11-27 11:02 - 00157152 _____ C:\Windows\Minidump\112716-15475-01.dmp
2016-11-27 10:29 - 2016-11-27 10:30 - 00157152 _____ C:\Windows\Minidump\112716-18018-01.dmp
2016-11-27 09:53 - 2016-11-27 09:53 - 00150976 _____ C:\Windows\Minidump\112716-22994-01.dmp
2016-11-27 09:35 - 2016-11-29 15:27 - 00000000 ____D C:\FRST
2016-11-27 09:27 - 2016-11-27 09:27 - 00000000 ____D C:\Users\clay\AppData\Roaming\Moonchild Productions
2016-11-27 09:27 - 2016-11-27 09:27 - 00000000 ____D C:\Users\clay\AppData\Local\Moonchild Productions
2016-11-27 09:25 - 2016-11-27 09:25 - 00150976 _____ C:\Windows\Minidump\112716-14040-01.dmp
2016-11-27 09:17 - 2016-11-29 15:09 - 00000000 ____D C:\Users\clay\AppData\LocalLow\Mozilla
2016-11-27 09:16 - 2016-11-27 09:16 - 00000000 ____D C:\Users\clay\AppData\Roaming\Epson
2016-11-27 09:14 - 2016-11-27 09:14 - 00157152 _____ C:\Windows\Minidump\112716-13774-01.dmp
2016-11-27 09:10 - 2016-11-27 09:10 - 00150976 _____ C:\Windows\Minidump\112716-16551-01.dmp
2016-11-27 08:03 - 2016-11-27 08:03 - 00157152 _____ C:\Windows\Minidump\112716-14726-01.dmp
2016-11-20 16:04 - 2016-11-29 15:12 - 00000000 ____D C:\Users\Ottersea\AppData\LocalLow\Mozilla
2016-11-20 15:48 - 2016-11-29 15:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-16 11:36 - 2016-11-16 11:36 - 00000000 _____ C:\Windows\system32\last.dump
2016-11-16 11:31 - 2016-11-28 12:45 - 338368153 _____ C:\Windows\MEMORY.DMP
2016-11-16 11:31 - 2016-11-28 12:45 - 00000000 ____D C:\Windows\Minidump
2016-11-11 16:12 - 2016-11-11 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-11 15:12 - 2016-11-11 15:12 - 00000000 ____D C:\Users\Ottersea\AppData\Local\ABBYY
2016-11-11 15:10 - 2016-11-12 09:14 - 00000000 ____D C:\Users\Ottersea\AppData\Roaming\EPSON
2016-11-11 15:06 - 2016-11-11 15:06 - 00000000 ____D C:\Users\Ottersea\AppData\Roaming\ArcSoft
2016-11-11 14:58 - 2016-11-11 14:58 - 00000161 _____ C:\Users\Public\Desktop\Perfection V600 User's Guide.url
2016-11-11 14:58 - 2016-11-11 14:58 - 00000046 _____ C:\Windows\Perfection V600.ini
2016-11-11 14:58 - 2016-11-11 14:58 - 00000000 ____D C:\Users\clay\AppData\Roaming\Leadertech
2016-11-11 14:58 - 2016-11-11 14:58 - 00000000 ____D C:\ProgramData\EPSON
2016-11-11 14:57 - 2016-11-11 14:57 - 00001963 _____ C:\Users\Public\Desktop\PhotoStudio 6.lnk
2016-11-11 14:57 - 2016-11-11 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 6
2016-11-11 14:57 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2016-11-11 14:57 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\ArcSoft
2016-11-11 14:56 - 2016-11-11 14:56 - 00000000 ____D C:\Users\clay\AppData\Local\ABBYY
2016-11-11 14:56 - 2016-11-11 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2016-11-11 14:55 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\ABBYY FineReader 9.0 Sprint
2016-11-11 14:55 - 2016-11-11 14:55 - 00000000 ____D C:\ProgramData\ABBYY
2016-11-11 14:55 - 2016-11-11 14:55 - 00000000 ____D C:\Program Files\Common Files\ABBYY
2016-11-11 14:52 - 2016-11-11 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-11-11 14:52 - 2016-11-11 14:53 - 00000000 ____D C:\Program Files\Epson Software
2016-11-11 14:51 - 2016-11-11 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-11-11 14:51 - 2016-11-11 14:57 - 00000000 ____D C:\Program Files\epson
2016-11-11 14:51 - 2016-11-11 14:51 - 00000936 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-11-11 14:51 - 2012-07-25 00:00 - 00075776 _____ (Seiko Epson Corporation.) C:\Windows\system32\esw2_a1.dll
2016-11-11 14:51 - 2012-07-10 01:00 - 00065793 _____ C:\Windows\system32\esfwa1.bin
2016-11-11 14:51 - 2012-07-10 00:00 - 00319488 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esinta1.dll
2016-11-11 14:51 - 2011-12-12 00:00 - 00122000 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
2016-11-10 23:19 - 2016-11-10 23:19 - 00000000 ____D C:\Users\clay\AppData\Local\PowerPanel Personal Edition
2016-11-10 22:54 - 2016-11-10 22:54 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-11-10 22:54 - 2016-11-10 22:54 - 00000000 ____D C:\Users\Ottersea\AppData\Local\PowerPanel Personal Edition
2016-11-10 22:54 - 2016-11-10 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberPower PowerPanel Personal Edition
2016-11-08 16:23 - 2016-11-08 16:23 - 00000000 ____D C:\Users\clay\AppData\Local\CEF
2016-11-07 16:49 - 2016-11-07 16:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-07 16:49 - 2016-11-07 16:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-07 16:49 - 2016-11-07 16:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-07 16:33 - 2016-11-08 17:34 - 05610688 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-11-07 10:17 - 2016-11-07 10:17 - 00002824 _____ C:\Users\Ottersea\AppData\Local\recently-used.xbel
2016-10-30 15:07 - 2016-10-30 15:07 - 00000000 ____D C:\Firearms

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 15:14 - 2015-06-29 11:43 - 00000000 ____D C:\Program Files\CyberPower PowerPanel Personal Edition
2016-11-29 15:12 - 2015-07-24 11:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-29 15:09 - 2016-03-14 17:51 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-29 15:09 - 2015-07-07 15:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-29 15:09 - 2015-06-29 10:43 - 00000514 _____ C:\Windows\Brownie.ini
2016-11-29 15:09 - 2015-06-28 17:09 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-29 15:09 - 2015-06-26 17:39 - 00000262 _____ C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2016-11-29 15:08 - 2015-07-07 11:21 - 00000000 __SHD C:\Users\clay\IntelGraphicsProfiles
2016-11-29 15:07 - 2015-06-29 07:56 - 00000000 ____D C:\Users\Ottersea\AppData\Local\PasswordSafe
2016-11-29 14:31 - 2015-07-11 10:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-29 14:30 - 2016-03-14 17:51 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-29 11:19 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-28 19:42 - 2016-03-15 09:33 - 00000000 ___RD C:\Users\Ottersea\Dropbox
2016-11-28 18:47 - 2014-03-18 18:16 - 00000000 ____D C:\Photos
2016-11-28 18:33 - 2015-06-30 15:17 - 00000000 ____D C:\Program Files\Steam
2016-11-28 18:32 - 2015-07-03 12:24 - 00000000 __SHD C:\Users\Ottersea\IntelGraphicsProfiles
2016-11-28 12:53 - 2009-07-13 22:34 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-28 12:53 - 2009-07-13 22:34 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-28 12:45 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-28 06:00 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2016-11-28 00:30 - 2010-11-20 15:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-28 00:30 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2016-11-28 00:23 - 2009-07-13 22:33 - 00360904 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-28 00:06 - 2015-06-29 11:10 - 00000000 ____D C:\Windows\system32\MRT
2016-11-28 00:02 - 2015-06-29 11:10 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-27 11:44 - 2015-06-29 10:44 - 00000426 _____ C:\Windows\BRWMARK.INI
2016-11-27 11:11 - 2015-07-01 17:40 - 00000000 ____D C:\Users\Ottersea\AppData\Local\CrashDumps
2016-11-27 09:55 - 2015-06-30 15:17 - 00000000 ____D C:\Program Files\Common Files\Steam
2016-11-27 09:29 - 2016-07-28 08:11 - 00539810 _____ C:\Windows\ntbtlog.txt
2016-11-27 09:15 - 2015-06-28 18:02 - 00000000 ____D C:\Users\clay\AppData\Local\ElevatedDiagnostics
2016-11-26 10:06 - 2015-06-29 07:42 - 00000000 ____D C:\Users\Ottersea
2016-11-23 15:06 - 2015-06-29 13:03 - 00000000 ____D C:\Users\Ottersea\Documents\Quicken
2016-11-16 11:35 - 2009-07-13 22:53 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-13 14:06 - 2016-04-24 17:17 - 00000000 ____D C:\Users\Ottersea\Documents\Easy VHS to DVD Projects
2016-11-11 16:12 - 2016-03-14 17:51 - 00000000 ____D C:\Program Files\Dropbox
2016-11-11 14:59 - 2015-06-26 05:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-11 14:58 - 2015-06-30 14:03 - 00000000 ____D C:\Users\clay\AppData\Local\CrashDumps
2016-11-11 14:58 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-08 17:34 - 2015-06-30 08:21 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 17:34 - 2015-06-30 08:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 17:34 - 2015-06-29 15:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 16:49 - 2016-10-24 07:06 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-07 16:08 - 2015-06-29 12:09 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-11-07 15:56 - 2016-03-14 17:51 - 00000000 ____D C:\Users\clay\AppData\Local\Dropbox
2016-11-07 11:50 - 2015-07-13 11:18 - 00000000 ____D C:\Users\Ottersea\.gimp-2.8
2016-11-07 10:17 - 2015-07-13 11:22 - 00000000 ____D C:\Users\Ottersea\AppData\Local\gtk-2.0
2016-11-05 08:55 - 2015-06-28 17:12 - 00000000 ____D C:\Program Files\Password Safe
2016-11-05 08:54 - 2015-06-28 17:13 - 00000000 ____D C:\Users\clay\AppData\Local\PasswordSafe

==================== Files in the root of some directories =======

2015-07-02 11:24 - 2015-07-02 14:36 - 0007605 _____ () C:\Users\clay\AppData\Local\Resmon.ResmonCfg
2016-05-17 17:50 - 2016-05-17 17:50 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\clay\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\clay\AppData\Local\Temp\_isA411.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 07:42

==================== End of FRST.txt ============================

Addition file too long; will post in next posting.
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Computer locks up and now getting BSOD

Post by ottersea » November 29th, 2016, 5:34 pm

Addition file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-11-2016
Ran by clay (29-11-2016 15:28:29)
Running from C:\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-06-26 09:06:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-781923646-3209173807-790831272-500 - Administrator - Disabled)
clay (S-1-5-21-781923646-3209173807-790831272-1000 - Administrator - Enabled) => C:\Users\clay
Guest (S-1-5-21-781923646-3209173807-790831272-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-781923646-3209173807-790831272-1003 - Limited - Enabled)
Ottersea (S-1-5-21-781923646-3209173807-790831272-1001 - Limited - Enabled) => C:\Users\Ottersea
Sharon (S-1-5-21-781923646-3209173807-790831272-1004 - Limited - Enabled) => C:\Users\Sharon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
ACPI Driver Installer (HKLM\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )
AMD Catalyst Install Manager (HKLM\...\{294E0B98-299B-62A4-47C7-131A2D9E220F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM\...\{6C33D2FD-8FBB-4613-BC4A-1663D03D1626}) (Version: 6.0.6.187 - ArcSoft)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Brother BRAdmin Light 1.17.0002 (HKLM\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.17.0002 - Brother)
Brother HL-3070CW (HKLM\...\{54794513-6AAB-44D3-AE7A-7C2037FE938D}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Contents (Version: 18.0.0.181 - Corel Corporation) Hidden
Corel VideoStudio Pro X8 (HKLM\...\_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.6.0.6 - Corel Corporation)
CyberPower PowerPanel Personal Edition 1.4.3 (HKLM\...\{DEC7E1CD-31A2-4F2F-BEE5-CF80E8E58C2A}) (Version: 1.4.3 - Cyber Power Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Detroit Iron Information Systems (HKLM\...\Detroit Iron) (Version: - )
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Easy Photo Scan (HKLM\...\{04A3C7AC-C350-46FA-8F72-C4E3F6B50D07}) (Version: 1.00.0004 - Seiko Epson Corporation)
Epson Copy Utility 4 (HKLM\...\{B835ADF3-3807-4B06-8E23-3B84AD67C4D7}) (Version: 4.01.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{747C2710-1D8F-46DD-ADF0-6EE0D980F13C}) (Version: 3.10.0039 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
eShield Browser Security (HKU\S-1-5-21-781923646-3209173807-790831272-1000\...\{45B49A49-4C3D-4F36-B3AD-215F48A1D8E9}) (Version: - eShield) <==== ATTENTION
EZ Grabber (HKLM\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HydraVision (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
ICA (Version: 18.0.0.181 - Corel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.51.8439 - Intel(R) Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{2551B515-A1F5-4AF7-BF9A-74F65D04E13C}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
IPM_VS_Pro (Version: 18.0 - Corel Corporation) Hidden
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaFACE (HKU\S-1-5-21-781923646-3209173807-790831272-1000\...\InstallShield_{B42F56DC-A1AC-4634-953A-6EBB5BF26B8C}) (Version: 5.0 - Fellowes)
MediaFACE (Version: 5.0 - Fellowes) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2000 Runtime (HKLM\...\{00180408-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3308 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0.1 (x86 en-US)) (Version: 50.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.1.6171 - Mozilla)
MSI Command Center (HKLM\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.0.83 - MSI)
MSI Intel Extreme Tuning Utility (HKLM\...\{56351c83-306c-4135-a570-2784d3025548}) (Version: 5.1.0.101 - Intel Corporation)
MSI Intel Extreme Tuning Utility (Version: 5.1.0.101 - Intel Corporation) Hidden
MSI Live Update (HKLM\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.010 - MSI)
MSI Smart Utilities (HKLM\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.10 - MSI)
MSI Super Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetworkGenie (HKLM\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.8 - MSI)
Nik Collection (HKLM\...\Nik Collection) (Version: 1.2.11 - Google)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pale Moon 26.5.0 (x86 en-US) (HKLM\...\Pale Moon 26.5.0 (x86 en-US)) (Version: 26.5.0 - Moonchild Productions)
Password Safe (HKLM\...\Password Safe) (Version: - )
PeaZip 5.6.0 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
Perfection V600 User's Guide version 1.0 (HKLM\...\UsersGuidePerfection V600 User's Guide_is1) (Version: 1.0 - )
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.6.7 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Roxio Easy VHS to DVD 3 (HKLM\...\{01EA1B5D-04A2-45BD-83BD-488D6EB7B942}) (Version: 3.0 - Roxio)
RVer's Notebook (HKLM\...\RVer's Notebook) (Version: 2.2 - IV Software)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
SCT Device Updater (HKLM\...\{1E05E69C-38E3-40A8-96BA-07900EE62F4F}) (Version: 2.9.16049.1 - SCT)
SCTDriversV1011x86 (HKLM\...\{85E589A5-FBF0-4CC5-9E58-CA2E1E54DBBF}) (Version: 11.0.0 - SCT Performance LLC)
Setup (Version: 18.0.0.181 - Corel Corporation) Hidden
Share (Version: 18.0.0.181 - Corel Corporation) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
VGA Boost (HKLM\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
VideoStudio MyDVD (HKLM\...\{49D8422A-D54E-425F-8A38-54167B1174A1}) (Version: 1.0 - Corel)
VideoStudio MyDVD (Version: 1.0.112 - Corel Corporation) Hidden
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
Visioneer PaperPort Viewer 5.0 (HKLM\...\Visioneer PaperPort Viewer 5.0) (Version: - )
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VSClassic (Version: 18.0.0.181 - Corel Corporation) Hidden
VSPro (Version: 18.0.0.181 - Corel Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{3F11DF04-C40B-F92C-CA9B-08270FD5296B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-781923646-3209173807-790831272-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ottersea\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07F6671E-65FD-41E8-A73F-D3C68931814B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {09163B08-9F6F-42CA-8C3D-A8468FDF0AB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {104BDFAF-0190-4058-8EA4-344AF5C02B45} - System32\Tasks\{BCB078B6-E9AF-4868-81DD-122CDC255DC1} => C:\Program Files\Roxio Easy VHS to DVD 3\VHS to DVD\EasyVHS2DVD.exe [2015-07-30] (Corel Corporation)
Task: {15728833-CB12-4F17-B970-0AD6F67D4E96} - System32\Tasks\SafeZone scheduled Autoupdate 1458720096 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {166F7E9F-957A-4083-87DF-4423EC2A40DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {2E47043C-1B6E-4E04-8EE6-DBB6CB001DA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {3227AA71-4816-456B-8733-853E4EA07105} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-07] (Google Inc.)
Task: {32CC5275-95DC-434D-911D-515A5F9514FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-07] (Google Inc.)
Task: {40FBFCE8-93D9-41E4-935F-597A2BA2FB6E} - System32\Tasks\{007FA6E3-CF20-46F7-B82F-B011FDE9B2F7} => C:\Program Files\Roxio Easy VHS to DVD 3\VHS to DVD\EasyVHS2DVD.exe [2015-07-30] (Corel Corporation)
Task: {4658147C-50C5-4C13-8205-FC515844EE1C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-03-14] (Dropbox, Inc.)
Task: {65E15A65-AAC5-46ED-885D-94C31A8293E5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-03-14] (Dropbox, Inc.)
Task: {7A2FAB2D-743A-4E89-907B-3CA8A2857AE5} - System32\Tasks\{624C7513-FA51-4959-A224-E9B431164EC7} => C:\Program Files\Roxio Easy VHS to DVD 3\VHS to DVD\EasyVHS2DVD.exe [2015-07-30] (Corel Corporation)
Task: {A4989A20-9BD8-4CB7-B8EE-2B79BD796952} - System32\Tasks\Games\UpdateCheck_S-1-5-21-781923646-3209173807-790831272-1001
Task: {A96AD960-4170-4827-96E6-2EFBBDC36028} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor)
Task: {BE7741F8-D625-4E6E-95C5-F99B5AF210E1} - System32\Tasks\{A8B954D2-A03E-488B-9F23-1958E7CAEBDB} => pcalua.exe -a "C:\Downloads\Adobe\APRO23_Win_ESD1_WWEFG Acrobat 8.exe" -d C:\Downloads\Adobe
Task: {CDBD09AF-A491-470D-B3E8-9DF193C9EDE4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {EFBF2606-E978-48E0-A43B-964B67788C9B} - System32\Tasks\{79D11D37-61C5-4CED-A06C-367F9C90FEF7} => C:\Program Files\Roxio Easy VHS to DVD 3\VHS to DVD\EasyVHS2DVD.exe [2015-07-30] (Corel Corporation)
Task: {F6F6B1EB-D04A-4A2E-8040-B2C357BB6066} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-08] (AVAST Software)
Task: {FEB4AF15-8A24-4624-BF6B-C9E0C1DC8FE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\VideoStudio Learning.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.studiobacklot.tv/videostudio

==================== Loaded Modules (Whitelisted) ==============

2016-10-08 18:39 - 2016-10-08 18:39 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-08 18:39 - 2016-10-08 18:39 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-29 14:11 - 2016-11-29 14:11 - 03133960 _____ () C:\Program Files\AVAST Software\Avast\defs\16112901\algo.dll
2006-09-14 06:56 - 2006-09-14 06:56 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2014-08-25 15:01 - 2014-08-25 15:01 - 00190256 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 15:01 - 2014-08-25 15:01 - 00052016 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 15:00 - 2014-08-25 15:00 - 00036144 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 15:00 - 2014-08-25 15:00 - 00052016 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2015-06-26 17:35 - 2014-09-26 10:44 - 01993216 _____ () C:\Program Files\MSI\Command Center\MSIControlService.exe
2015-06-26 17:36 - 2005-07-18 12:43 - 00160256 _____ () C:\Program Files\MSI\Live Update\unrar.dll
2015-06-29 12:09 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-29 12:09 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-29 12:09 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-29 12:09 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-29 12:09 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-26 17:38 - 2014-08-13 19:10 - 01723856 _____ () C:\MSI\Smart Utilities\SuperRAIDExt.DLL
2014-09-03 10:03 - 2014-09-03 10:03 - 01241560 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-08 18:39 - 2016-10-08 18:39 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-11 16:11 - 2016-10-10 10:29 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-11-11 16:11 - 2016-10-10 10:29 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-11 16:11 - 2016-10-10 10:30 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00021312 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-11-11 16:11 - 2016-10-10 10:31 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00025424 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-11 16:11 - 2016-10-10 10:30 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2016-11-11 16:11 - 2016-11-07 16:58 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-11-11 16:11 - 2016-10-10 10:27 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-11-11 16:11 - 2016-11-07 16:59 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-11 16:11 - 2016-11-07 16:59 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-11 16:11 - 2016-10-10 10:29 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 01972528 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00133424 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00224056 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00020288 _____ () C:\Program Files\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-11-11 16:11 - 2016-10-10 10:33 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-11-11 16:11 - 2016-10-10 10:34 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-11-11 16:11 - 2016-11-07 16:59 - 00042808 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00168760 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-11 16:11 - 2016-10-10 10:31 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00024904 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-11-11 16:11 - 2016-11-07 16:59 - 00546096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2007-05-10 23:50 - 2007-05-10 23:50 - 00017024 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
2015-06-26 17:39 - 2014-04-21 01:09 - 00150528 ____R () C:\Program Files\MSI\NetworkGenie\gep.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-781923646-3209173807-790831272-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-781923646-3209173807-790831272-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-781923646-3209173807-790831272-1001\...\webcompanion.com -> hxxp://webcompanion.com

There are 7916 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2016-06-10 18:28 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-781923646-3209173807-790831272-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\clay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-781923646-3209173807-790831272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ottersea\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.202.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk => C:\Windows\pss\Microtek Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^clay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "c:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\clay\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Brdefprn => C:\Program Files\Brother\BRHL3070\Brdefprn.exe -d
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Cmaudio8788 => RunDll32 cmicnfgp.cpl,CMICtrlWnd
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\system\HsMgr.exe Envoke
MSCONFIG\startupreg: Command Center => C:\Program Files\MSI\Command Center\StartCommandCenter.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: IMSS => "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
MSCONFIG\startupreg: ISCT Tray => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: Live Update => C:\Program Files\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: MediaFace Integration => C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: QuickTime Task => "c:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Super Charger => C:\Program Files\MSI\Super Charger\Super Charger.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{912C58EC-8ECB-4303-BCDA-FDE23351F018}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A9237781-FE20-4CF9-A7AF-09A38AB1EAC6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2B417293-F492-4ABB-9C0C-C233ADCE8ECF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{390FACA7-98D7-4E30-9EB4-D3ED3A566BB9}] => (Allow) C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe
FirewallRules: [{E2FA990B-5628-4F1B-B8A7-157FE285A17C}] => (Allow) C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe
FirewallRules: [{EF996752-8D9D-4048-ACF4-18A4E94D7C7C}] => (Allow) c:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2E793365-984D-4A13-BDFE-94C5BB9A4D92}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{1E55D3EF-D495-44A0-9551-1E5A613D8179}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{37DC73FB-B9B8-422E-8135-A04C911AE434}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A8F847E-A2D3-4CF2-99EF-ABAE556D8A0E}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{10361E2A-9EF3-4360-8CE7-D838006E762F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{204B0034-C3CC-4983-961D-9631B5CEFB4D}] => (Allow) C:\Program Files\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{A56168E9-F1B3-4712-AE8D-B0F65B6D6129}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{98A3E2B7-56DC-439D-ABF9-6F9C8121238D}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{FBC8C26B-72B2-4174-B3B5-055C27FA6B8F}] => (Allow) C:\Users\clay\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{04A20F7D-D538-4AFE-A287-6CF087E9BA06}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{37A13CE4-5AD0-448F-B36A-0BFBE0517BD4}] => (Allow) LPort=2869
FirewallRules: [{806230B5-4CAB-44CD-94AF-E1FCA03AA6CE}] => (Allow) LPort=1900
FirewallRules: [{2D157825-AB7E-4674-98E9-2CA326118CAA}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{40866BA8-E8CA-4ABE-AB2B-17C0B838744C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5278F079-6B94-40AD-8DAE-6140A3A8E503}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AF51ABD0-7293-4843-AEED-4EA6A0FD6B55}G:\simplisafewizard.exe] => (Allow) G:\simplisafewizard.exe
FirewallRules: [UDP Query User{D0D16C37-348A-40D9-87BA-C7F2119D1CA2}G:\simplisafewizard.exe] => (Allow) G:\simplisafewizard.exe
FirewallRules: [{23498A66-5C22-4CDC-86D3-CF76C73A70CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{633D9F3F-B4A1-4DB7-AEA5-8EB9B51A378A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FC1DA6A2-F3F7-455C-A8B3-E3138F1E1CC8}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{589328A6-9872-49E1-A596-145BF6F494D0}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E79967BD-CE6A-4DC2-BA3B-55796835758B}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{CF4BAF8A-BC84-4B9E-9168-D3045FCE34E6}] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{20D57A38-2C95-48CE-A7BF-6EC747078505}] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

16-11-2016 12:42:07 Scheduled Checkpoint
24-11-2016 07:42:30 Scheduled Checkpoint
28-11-2016 00:00:24 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2016 12:45:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/28/2016 12:45:13 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/28/2016 12:29:09 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (5280) WebCacheLocal: An attempt to open the file "C:\Users\Ottersea\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/28/2016 12:28:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/28/2016 12:27:58 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/28/2016 12:25:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/28/2016 12:24:24 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/28/2016 10:55:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/28/2016 10:54:52 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/28/2016 08:06:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/29/2016 02:11:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/28/2016 12:45:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x889c9d28, 0x889c9e94, 0x836559d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112816-13837-01.

Error: (11/28/2016 12:45:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:42:42 PM on 11/28/2016 was unexpected.

Error: (11/28/2016 12:27:51 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc048b8d0, 0xc000000e, 0x75ff7860, 0x9171afb4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112816-15522-01.

Error: (11/28/2016 12:27:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:25:58 PM on 11/28/2016 was unexpected.

Error: (11/28/2016 10:54:47 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0604000, 0xc000000e, 0x5e944880, 0xc080000c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112816-14211-01.

Error: (11/28/2016 10:54:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:52:21 AM on 11/28/2016 was unexpected.

Error: (11/28/2016 08:05:34 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0x00000020, 0xc000009d, 0x87264044, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112816-19874-01.

Error: (11/28/2016 08:05:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:04:39 AM on 11/28/2016 was unexpected.

Error: (11/28/2016 08:00:52 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0604000, 0xc000000e, 0x7d736880, 0xc0800000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112816-20810-01.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 72%
Total physical RAM: 2760 MB
Available physical RAM: 754.96 MB
Total Virtual: 6898.32 MB
Available Virtual: 3463.14 MB

==================== Drives ================================

Drive c: (Sata 3) (Fixed) (Total:931.51 GB) (Free:736.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Sata 2) (Fixed) (Total:465.76 GB) (Free:194.16 GB) NTFS
Drive e: (Sata 1) (Fixed) (Total:465.76 GB) (Free:399.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 476E15E9)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 280AAAAC)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1CF51CF5)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Computer locks up and now getting BSOD

Post by mAL_rEm018 » November 30th, 2016, 1:35 am

Hello ottersea,

Please answer the following question..
  • Is this computer used for any type of business purposes?

Please run the following scans..


TSG-SysInfo
  • Please download and save the following tool to your Desktop: Link.
  • Right-click on SysInfo.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • A window entitled TSG SysInfo will open. Please copy/paste the highlighted text in your next reply.


MGA Diagnostics
  • Please download and save the following tool to your Desktop: Link.
  • Right-click on MGADiag.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Continue. The diagnosis will now begin.
  • When the process is over, click Copy.
  • Open Notepad and paste the contents.
  • Save this file as MGADiag.txt.
  • Post the content of MGADiag.txt in your next reply.


CKScanner
  • Please download the following tool to your Desktop: Link
  • Right-Click on CKScanner.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question.
  • TSG-SysInfo log
  • MGADiag.txt
  • CKFiles.txt

    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
mAL_rEm018
MRU Teacher
Posts: 1591
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Computer locks up and now getting BSOD

Post by ottersea » November 30th, 2016, 8:27 pm

mAL

Other than some odds and ends that I sell from time to time on eBay, I do not do any business on this computer. It is really just something to get rid of some stuff I have around.

Sysinfo

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz, x64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 2760 Mb
Graphics Card: Intel(R) HD Graphics 4600, 1024 Mb
Hard Drives: C: 931 GB (734 GB Free); D: 465 GB (194 GB Free); E: 465 GB (399 GB Free);
Motherboard: MSI, B85-G41 PC Mate(MS-7850)
Antivirus: Avast Antivirus, Enabled and Updated

MGADiags.txt file

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-CHMVV-6FTDC-BG86W
Windows Product Key Hash: BTe/iUPmER1XMFbjbE189nLlz4s=
Windows Product ID: 00359-OEM-8703897-28606
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {0B59A01B-B1B4-4A00-8198-415317369C80}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_ldr.161007-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: localhost:21320
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0B59A01B-B1B4-4A00-8198-415317369C80}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BG86W</PKey><PID>00359-OEM-8703897-28606</PID><PIDType>3</PIDType><SID>S-1-5-21-781923646-3209173807-790831272</SID><SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7850</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V2.8</Version><SMBIOSVersion major="2" minor="8"/><Date>20140717000000.000000+000</Date></BIOS><HWID>69123A07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-038-928606-02-1033-7601.0000-1782015
Installation ID: 016825932612703105106514398311928285720464110784525584
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: BG86W
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 11/30/2016 6:18:42 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEAAgABAAIAAAADAAAAAQABAAEAeqgGWwTvQDfCG3JZ+mgCnmI9ejk8pRY4yPY=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
FPDT ALASKA A M I
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
ASF! INTEL HCG
DMAR INTEL HSW
SSDT PmRef Cpu0Ist


CKFiles

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\windows.old\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.AA.11.IQAPHZ
----- EOF -----
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Computer locks up and now getting BSOD

Post by mAL_rEm018 » December 1st, 2016, 10:11 pm

Hello ottersea,

My apologies for the delay.. I am currently consulting my peers about one of your logs and I will have a reply ready for you as soon as possible.

Thank you for your understanding,

mAL
mAL_rEm018
MRU Teacher
Posts: 1591
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Computer locks up and now getting BSOD

Post by mAL_rEm018 » December 2nd, 2016, 1:02 pm

Hello ottersea,

Thank you for your patience. Can you tell me your computer's make and model?
mAL_rEm018
MRU Teacher
Posts: 1591
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Computer locks up and now getting BSOD

Post by ottersea » December 2nd, 2016, 1:23 pm

This is a home-built computer. The motherboard is an MSI B85-G41 PC MATE.
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: Computer locks up and now getting BSOD

Post by Gary R » December 3rd, 2016, 2:22 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help. The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs:
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
Posts: 23255
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire