Solved Laptop HD continual Spinning for 2 days now

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
Hello,
Not really sure where to put this thread and don't know what's wrong with my machine.
For the past 2 days the Hard Drive never stops whirling and spinning. This is not normal.
Task Manager shows system idle is in the 90's and the computer isn't running anything - Even when there is no browser opened, the HD continues to spin and spin and the laptop gets very hot and SLOW.
Any ideas on how to fix this?

oops, here is the info requested:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 5984 Mb
Graphics Card: Intel(R) HD Graphics Family, -1231 Mb
Hard Drives: C: Total - 700302 MB, Free - 621449 MB;
Motherboard: Gateway, NV47H
Antivirus: Microsoft Security Essentials, Updated and Enabled

Thanks in advance for any help you can offer.
 
Last edited:

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Hi Spinning HD,
First, tell me whether you have interest in changing to Windows 10.
Sometimes the "upgrade" nag systems can keep the disk spinning.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
Right click the TFC icon and choose Run as administrator.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.

-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST64 and save to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST64 will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST64.exe
Feel free to use separate replies if it's more convenient.

askey127
 

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
Hi, thanks for your help.
Noooo interest in upgrading to Win10. I have already turned off the icon popup in my taskbar for it (GWX). I did that last year. The spinning has only begun the past few days.

Ok I did the first download and clean with TFC - it did not ask me to reboot, but perhaps that's because I use CCleaner regularly to keep my machine tidy?
This was the final outcome of the TFC
Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: CaroWan
->Temp folder emptied: 180624128 bytes
->Temporary Internet Files folder emptied: 575137 bytes
->Java cache emptied: 497261 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715730 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32475273 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 765 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 25733352 bytes
Process complete!
Total Files Cleaned = 230.00 mb​

I will go do the other one now and return here once that's been completed.
 

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
Ok, that was quick..
Here is the first txt for FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by CaroWan (administrator) on LONERANGER (30-03-2016 21:21:36)
Running from C:\Users\CaroWan\Desktop
Loaded Profiles: CaroWan (Available Profiles: CaroWan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-527852487-919982166-2207449301-1001] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{1F52D684-9CBC-4955-91D6-0E5D1D373243}: [DhcpNameServer] 24.53.80.50 24.53.80.32
Tcpip\..\Interfaces\{3B387C03-3C4F-494B-BE44-631493A60814}: [DhcpNameServer] 24.222.0.94 24.222.0.95

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-527852487-919982166-2207449301-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527852487-919982166-2207449301-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ft111.com/
HKU\S-1-5-21-527852487-919982166-2207449301-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-527852487-919982166-2207449301-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry World Browser Plugin\npappworld.dll [2014-03-03] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-527852487-919982166-2207449301-1001: @tools.google.com/Google Update;version=3 -> C:\Users\CaroWan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-527852487-919982166-2207449301-1001: @tools.google.com/Google Update;version=9 -> C:\Users\CaroWan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.ft111.com/"
CHR Profile: C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-19]
CHR Extension: (YouTube) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Google Search) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Google Sheets) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-19]
CHR Extension: (AVG Web TuneUp) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmdocpbnblchppecickbipihlkehdfg [2016-01-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-19]
CHR Extension: (Gmail) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-01]
CHR Profile: C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\CaroWan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
StartMenuInternet: Google Chrome - C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-21] (Omnivision Technologies, Inc.)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507082.sys [972896 2016-03-29] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-03-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-03-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-03-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-03-03] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [316168 2015-12-24] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-08] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-30 21:21 - 2016-03-30 21:22 - 00017148 _____ C:\Users\CaroWan\Desktop\FRST.txt
2016-03-30 21:20 - 2016-03-30 21:21 - 02374144 _____ (Farbar) C:\Users\CaroWan\Desktop\FRST64.exe
2016-03-30 21:11 - 2016-03-30 21:11 - 00448512 _____ (OldTimer Tools) C:\Users\CaroWan\Desktop\TFC.exe
2016-03-30 03:26 - 2016-03-30 03:26 - 00000000 ____D C:\Program Files\WinPcap
2016-03-30 02:40 - 2016-03-30 02:40 - 00583219 _____ C:\Users\CaroWan\AppData\Local\census.cache
2016-03-30 02:39 - 2016-03-30 02:39 - 00185386 _____ C:\Users\CaroWan\AppData\Local\ars.cache
2016-03-30 02:17 - 2016-03-30 02:17 - 00000010 _____ C:\Users\CaroWan\AppData\Local\sponge.last.runtime.cache
2016-03-30 02:07 - 2016-03-30 02:07 - 00000000 ____D C:\ProgramData\Trend Micro
2016-03-30 01:53 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-03-30 01:52 - 2016-03-30 01:52 - 00000036 _____ C:\Users\CaroWan\AppData\Local\housecall.guid.cache
2016-03-30 01:51 - 2016-03-30 01:51 - 02527376 _____ (Trend Micro Inc.) C:\Users\CaroWan\Desktop\HousecallLauncher64.exe
2016-03-29 21:17 - 2016-03-29 21:17 - 00000000 ____D C:\Users\CaroWan\AppData\Local\ElevatedDiagnostics
2016-03-29 20:14 - 2016-03-29 20:14 - 00509440 _____ (Tech Support Guy System) C:\Users\CaroWan\Desktop\SysInfo.exe
2016-03-29 18:19 - 2016-02-02 13:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-29 18:19 - 2016-02-01 14:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-29 18:19 - 2016-02-01 13:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-29 18:19 - 2016-02-01 13:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-03-29 18:19 - 2016-02-01 13:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-03-29 18:19 - 2016-02-01 13:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-29 18:19 - 2016-02-01 13:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-29 18:19 - 2016-02-01 13:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-29 18:19 - 2016-02-01 13:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-03-29 18:19 - 2016-02-01 13:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-03-29 18:19 - 2016-02-01 13:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-29 18:19 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-29 18:18 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-03-29 18:18 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-03-29 18:17 - 2016-02-05 13:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-03-29 18:17 - 2016-02-05 13:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-03-29 18:17 - 2016-02-05 12:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-03-29 18:17 - 2015-06-03 15:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-03-29 18:06 - 2015-12-16 13:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-03-29 18:06 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-03-29 18:06 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-03-29 18:06 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-03-29 18:06 - 2015-12-16 13:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-03-29 18:06 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-03-29 18:06 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-03-29 18:06 - 2015-12-16 13:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-03-29 13:39 - 2016-03-29 13:39 - 00119168 _____ C:\Users\CaroWan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-29 13:37 - 2016-03-29 21:05 - 00438432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-29 02:31 - 2016-03-29 02:31 - 00599372 _____ C:\Users\CaroWan\Desktop\Blocking Curses - Les D Crause.pdf
2016-03-16 17:22 - 2016-03-16 17:22 - 02482160 _____ C:\Users\CaroWan\Desktop\The Way of theAnointing DOUBLE PORTION - Colette Toach.pdf
2016-03-16 17:12 - 2016-03-30 21:03 - 02970831 _____ C:\Users\CaroWan\Desktop\Practical Prophetic Ministry -Colette Toach.pdf
2016-03-15 16:23 - 2016-03-29 14:00 - 00000000 ____D C:\Users\CaroWan\.oracle_jre_usage
2016-03-12 04:07 - 2016-03-12 04:07 - 00069210 _____ C:\Users\CaroWan\Desktop\Encountering Alter during Ministry or Deliverance.pdf
2016-03-09 23:19 - 2016-03-09 23:19 - 00000000 ____D C:\Users\CaroWan\AppData\Local\{966C5632-171E-4190-BE22-4803BA732854}
2016-03-09 11:09 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 11:09 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 11:09 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 11:09 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 11:09 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 11:09 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 11:09 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 11:09 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 11:09 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 11:09 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 11:09 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 11:09 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 11:09 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 11:09 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 11:09 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 11:09 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 11:09 - 2016-02-04 12:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 11:09 - 2016-01-11 14:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 11:09 - 2015-11-19 09:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 11:09 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 11:08 - 2016-02-09 01:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 11:08 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 11:08 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 11:08 - 2016-02-08 15:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 11:08 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 11:08 - 2016-02-08 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 11:08 - 2016-02-08 15:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 11:08 - 2016-02-08 15:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 11:08 - 2016-02-08 15:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 11:08 - 2016-02-08 15:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 11:08 - 2016-02-08 15:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 11:08 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 11:08 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 11:08 - 2016-02-08 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 11:08 - 2016-02-08 13:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 11:08 - 2016-02-08 13:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 11:08 - 2016-02-08 13:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 11:08 - 2016-02-08 13:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 11:08 - 2016-02-08 12:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 11:08 - 2016-02-08 12:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 11:08 - 2016-02-08 12:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 11:08 - 2016-02-03 13:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 11:08 - 2016-02-03 13:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 11:08 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 11:08 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 11:08 - 2016-02-03 13:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 11:07 - 2016-02-09 01:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 11:07 - 2016-02-08 15:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 11:07 - 2016-02-08 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 11:07 - 2016-02-08 15:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 11:07 - 2016-02-08 15:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 11:07 - 2016-02-08 15:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 11:07 - 2016-02-08 15:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 11:07 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 11:07 - 2016-02-08 15:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 11:07 - 2016-02-08 15:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 11:07 - 2016-02-08 15:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 11:07 - 2016-02-08 15:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 11:07 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 11:07 - 2016-02-08 15:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 11:07 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 11:07 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 11:07 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 11:07 - 2016-02-08 15:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 11:07 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 11:07 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 11:07 - 2016-02-08 13:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 11:07 - 2016-02-08 13:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 11:07 - 2016-02-08 13:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 11:07 - 2016-02-08 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 11:07 - 2016-02-08 13:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 11:07 - 2016-02-08 13:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 11:07 - 2016-02-08 13:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 11:07 - 2016-02-08 13:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 11:07 - 2016-02-08 13:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 11:07 - 2016-02-08 13:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 11:07 - 2016-02-08 13:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 11:07 - 2016-02-08 13:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 11:07 - 2016-02-08 13:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 11:07 - 2016-02-08 12:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 11:07 - 2016-02-08 12:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 11:07 - 2016-02-08 12:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 11:07 - 2016-02-08 12:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 11:07 - 2016-02-08 12:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 11:07 - 2016-02-08 12:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 11:07 - 2016-02-08 12:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 11:07 - 2016-02-08 12:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 11:07 - 2016-02-08 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 11:07 - 2016-02-08 12:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 11:07 - 2016-02-08 12:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 11:07 - 2016-02-08 11:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 11:04 - 2016-02-11 13:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 11:04 - 2016-02-11 13:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 11:04 - 2016-02-11 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 11:04 - 2016-02-11 13:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 11:04 - 2016-02-11 13:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 11:04 - 2016-02-11 13:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 11:04 - 2016-02-11 13:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 11:04 - 2016-02-11 13:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 11:04 - 2016-02-11 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 11:04 - 2016-02-11 13:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 11:04 - 2016-02-11 13:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 11:04 - 2016-02-11 13:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 11:04 - 2016-02-11 13:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 11:04 - 2016-02-11 13:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 11:04 - 2016-02-11 13:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 11:04 - 2016-02-11 13:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 11:04 - 2016-02-11 13:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 11:04 - 2016-02-11 13:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 11:04 - 2016-02-11 13:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 11:04 - 2016-02-11 13:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 11:04 - 2016-02-11 13:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 11:04 - 2016-02-11 13:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 11:04 - 2016-02-11 13:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 11:04 - 2016-02-11 13:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 11:04 - 2016-02-11 13:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 11:04 - 2016-02-11 13:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 11:04 - 2016-02-11 13:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 11:04 - 2016-02-11 13:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 11:04 - 2016-02-11 13:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 11:04 - 2016-02-11 13:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 11:04 - 2016-02-11 13:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 11:04 - 2016-02-11 13:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 11:04 - 2016-02-11 13:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 11:04 - 2016-02-11 13:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 11:04 - 2016-02-11 13:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 11:04 - 2016-02-11 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 11:04 - 2016-02-11 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 11:04 - 2016-02-11 13:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 11:04 - 2016-02-11 13:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 12:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 11:04 - 2016-02-11 12:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 11:04 - 2016-02-11 12:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 11:04 - 2016-02-11 12:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 11:04 - 2016-02-11 12:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 11:04 - 2016-02-11 12:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 11:04 - 2016-02-11 12:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 11:04 - 2016-02-11 12:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 11:04 - 2016-02-11 12:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 11:04 - 2016-02-11 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 11:04 - 2016-02-11 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 11:04 - 2016-02-11 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 11:04 - 2016-02-11 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 11:04 - 2016-02-11 12:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 11:04 - 2016-02-11 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 11:04 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 11:02 - 2016-02-19 14:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 11:02 - 2016-02-19 13:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 11:02 - 2016-02-19 09:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 11:02 - 2016-02-11 09:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 11:02 - 2016-02-09 04:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 11:02 - 2016-02-09 04:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 11:02 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 11:02 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 11:02 - 2016-02-09 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 11:02 - 2016-02-09 04:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 11:02 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 11:02 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 11:02 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 11:02 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 11:02 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 11:02 - 2016-02-05 13:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 11:02 - 2016-02-05 13:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 11:02 - 2016-02-05 13:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 11:02 - 2016-02-05 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 11:02 - 2016-02-05 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 11:02 - 2016-02-05 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 11:02 - 2016-02-05 13:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 11:02 - 2016-02-05 12:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 11:02 - 2016-02-05 12:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 11:02 - 2016-02-05 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 11:02 - 2016-02-05 09:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 11:02 - 2016-02-05 09:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 11:02 - 2016-02-05 09:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 11:02 - 2016-02-04 20:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 11:02 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-30 21:21 - 2015-01-18 23:35 - 00000000 ____D C:\FRST
2016-03-30 21:20 - 2012-02-16 12:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-30 21:03 - 2011-12-23 09:43 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527852487-919982166-2207449301-1001UA.job
2016-03-30 20:28 - 2014-08-23 16:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-30 19:20 - 2012-02-16 12:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-30 18:07 - 2011-12-23 09:46 - 00002392 _____ C:\Users\CaroWan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 17:15 - 2009-07-13 23:45 - 00031712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-30 17:15 - 2009-07-13 23:45 - 00031712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-30 13:03 - 2011-12-23 09:43 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527852487-919982166-2207449301-1001Core.job
2016-03-29 21:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-29 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-03-29 21:03 - 2016-02-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-29 21:03 - 2015-11-20 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 21:03 - 2014-12-26 03:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-29 21:03 - 2014-12-13 15:24 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 21:03 - 2013-10-29 03:48 - 00000000 ____D C:\Windows\pss
2016-03-29 21:03 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-29 21:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-03-29 20:20 - 2011-12-23 11:54 - 00000000 ____D C:\Users\CaroWan\Desktop\DREAMS, D's & writings
2016-03-29 15:47 - 2014-12-13 01:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-29 15:45 - 2016-02-10 14:19 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-29 14:01 - 2011-12-23 12:04 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 13:59 - 2015-11-20 01:29 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-29 13:42 - 2013-08-20 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-25 03:01 - 2015-06-01 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-25 03:01 - 2015-06-01 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-23 16:28 - 2014-08-23 16:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-23 16:28 - 2013-03-24 11:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-23 16:28 - 2011-09-15 16:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-15 16:23 - 2011-12-23 08:22 - 00000000 ____D C:\Users\CaroWan
2016-03-14 02:31 - 2013-02-21 02:36 - 00000000 ____D C:\Users\CaroWan\Desktop\new cd
2016-03-14 02:29 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 02:17 - 2012-11-13 20:30 - 00000000 ____D C:\Users\CaroWan\Desktop\Books
2016-03-12 14:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-03-10 14:09 - 2016-02-10 14:18 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-02-10 14:18 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-10 14:08 - 2014-12-13 01:22 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 03:04 - 2013-07-18 00:25 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 02:55 - 2014-12-09 17:57 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 02:55 - 2011-12-24 10:06 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-08 21:19 - 2015-11-20 01:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-03 11:19 - 2015-06-11 08:35 - 00152320 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-03-03 11:19 - 2012-01-13 22:35 - 00407168 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys

==================== Files in the root of some directories =======

2014-08-15 19:10 - 2014-10-30 17:29 - 0000551 _____ () C:\Users\CaroWan\AppData\Roaming\ClipExtractor-ActiualSolution.dsln
2012-01-01 20:54 - 2012-01-01 20:54 - 0000015 _____ () C:\Users\CaroWan\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
2012-01-01 21:12 - 2014-12-12 12:40 - 0000594 _____ () C:\Users\CaroWan\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
2014-11-12 01:36 - 2015-11-19 01:13 - 0000770 _____ () C:\Users\CaroWan\AppData\Roaming\Rim.Desktop.Exception.log
2014-11-11 23:26 - 2014-11-11 23:26 - 0001153 _____ () C:\Users\CaroWan\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-11-12 01:36 - 2015-11-19 01:13 - 0000770 _____ () C:\Users\CaroWan\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-03 02:11 - 2012-09-03 02:11 - 0017430 _____ () C:\Users\CaroWan\AppData\Roaming\UserTile.png
2012-01-22 22:35 - 2014-08-06 02:57 - 0000000 _____ () C:\Users\CaroWan\AppData\Roaming\wklnhst.dat
2016-03-30 02:39 - 2016-03-30 02:39 - 0185386 _____ () C:\Users\CaroWan\AppData\Local\ars.cache
2016-03-30 02:40 - 2016-03-30 02:40 - 0583219 _____ () C:\Users\CaroWan\AppData\Local\census.cache
2012-01-13 21:50 - 2012-01-13 21:50 - 0003584 _____ () C:\Users\CaroWan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-30 01:52 - 2016-03-30 01:52 - 0000036 _____ () C:\Users\CaroWan\AppData\Local\housecall.guid.cache
2016-03-30 02:17 - 2016-03-30 02:17 - 0000010 _____ () C:\Users\CaroWan\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-30 16:33
==================== End of FRST.txt ============================​


Next is the TXT for ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by CaroWan (2016-03-30 21:22:59)
Running from C:\Users\CaroWan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-23 13:22:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-527852487-919982166-2207449301-500 - Administrator - Disabled)
CaroWan (S-1-5-21-527852487-919982166-2207449301-1001 - Administrator - Enabled) => C:\Users\CaroWan
Guest (S-1-5-21-527852487-919982166-2207449301-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-527852487-919982166-2207449301-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-527852487-919982166-2207449301-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4235 - AVG Technologies) Hidden
Backup Manager V3 (x32 Version: 3.0.0.90 - NTI Corporation) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry World Browser Plugin (HKLM-x32\...\{7FBE3918-0284-4085-8F3A-B55E0F561D3C}) (Version: 10.2.172.7 - Research In Motion Limited)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.6.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1615_36053b - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Photo Slideshow Professional 8.06 (HKLM-x32\...\DVD Photo Slideshow Professional_is1) (Version: - dvd-photo-slideshow.com)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.23 - Philipp Winterberg)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.90 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3502 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 3.0.3030 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 3.0.3030 - CyberLink Corp.) Hidden
Google Chrome (HKU\S-1-5-21-527852487-919982166-2207449301-1001\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8520 - CyberLink Corporation)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Gateway)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rapport (Version: 3.5.1205.18 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1507.113 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6373 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.113 - Trusteer)
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3503 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B6748A0-C1F5-4C05-9CB5-09D6AAF20542} - System32\Tasks\Adobe ARM => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {10EB929A-E83F-4D55-B019-47926F7A83F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated)
Task: {1B168205-29E3-4758-A3B3-CD27280F4636} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-04-15] (CyberLink)
Task: {3674A010-905C-4093-A226-167EFB005D9B} - System32\Tasks\Adobe Reader Speed Launcher => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {67836F8F-7BD6-408F-B90D-A58F0C2CFCB1} - System32\Tasks\{AF8CBD97-9897-4276-886C-55963C3E8BA3} => pcalua.exe -a "C:\Users\CaroWan\Downloads\chromeinstall-8u25 (1).exe" -d C:\Users\CaroWan\Downloads
Task: {7BC50834-41B0-48E8-874E-E5A8DF5CA386} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7F301269-269F-4E45-BD8F-518DF39DA69E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8AAF78DD-5E8F-4794-B87C-3225FBBFDFE9} - System32\Tasks\{25756DF9-2FDB-4F8C-893C-66324F7C0E8E} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {90BF7191-45FF-4A1A-A1E1-A9D917AD2B2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-527852487-919982166-2207449301-1001Core => C:\Users\CaroWan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9F218F45-BF72-45B9-BFFC-88A677B74335} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A3FC4048-9FFF-430D-B6A1-E46A7590C6F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-527852487-919982166-2207449301-1001UA => C:\Users\CaroWan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B6AA1F69-6974-489B-B1D6-63F562823245} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe
Task: {E8CA87DB-46B2-49D2-A093-00AD08B4DBBD} - System32\Tasks\{B4D88855-3B11-4C2B-804C-7499D535F14C} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527852487-919982166-2207449301-1001Core.job => C:\Users\CaroWan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527852487-919982166-2207449301-1001UA.job => C:\Users\CaroWan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-10-12 02:00 - 2011-03-26 18:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-09 12:13 - 2011-03-09 12:13 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-03-09 12:12 - 2011-03-09 12:12 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-03-09 12:12 - 2011-03-09 12:12 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2016-03-30 18:07 - 2016-03-27 02:58 - 01675928 _____ () C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-30 18:07 - 2016-03-27 02:58 - 00086168 _____ () C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\49.0.2623.110\libegl.dll
2016-03-30 18:07 - 2016-03-27 02:58 - 17545880 _____ () C:\Users\CaroWan\AppData\Local\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-527852487-919982166-2207449301-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CaroWan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.222.0.94 - 24.222.0.95
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Google Update => "C:\Users\CaroWan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{33CFEC72-99A7-46E5-B91D-F7B7701F94D3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A4676554-CB1A-4B65-A4F5-0CD21320AAD8}] => (Allow) LPort=2869
FirewallRules: [{1DB408AB-1877-4141-945F-FD25A056CBE9}] => (Allow) LPort=1900
FirewallRules: [{09CC41FD-CBC2-42AD-B863-5848A5B86669}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{473F0471-8F11-41DF-A1C0-94CCBA6EE53B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{34E6A6D4-83A2-4CD4-907F-D4750F517553}] => (Allow) C:\Program Files (x86)\CyberLink\HomeMedia\HomeMedia.exe
FirewallRules: [{53556D4A-F995-4C1C-9AC3-2CA9BC9E71CF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{53525F5C-C910-470A-8FF0-452FF00CD4EB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EEB53063-8574-4661-A984-4BFFD7F6AF48}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{F07B38FE-E632-4439-B8DD-A0D7AA59DC44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{038D3FC8-AB37-49C1-9D04-913F4EB2D33D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20172345-03E0-43DD-90E5-C161A8E5C516}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0418BC7-F061-4FC9-953E-8D4BBF803C69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E61216A-AE75-4776-80AA-CD8C8B484A18}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{19FB551F-ABED-4090-9BEC-99F0D58A4723}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{EF98DEF3-1C33-44B1-A6DC-122EF26E5EAF}C:\users\carowan\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\carowan\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{BD945917-3E61-4FD8-99A4-B8054BF31CA7}C:\users\carowan\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\carowan\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{4DE25536-3426-4AB9-927A-D216EA6AC584}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{E6ABBE01-23EA-46EA-885A-F8C50DD55AF5}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{1AC3C5D1-6572-4883-A807-120AE6C25F09}] => (Allow) LPort=4481
FirewallRules: [{A064B685-BACB-4714-9EAF-5C41A6B36DC9}] => (Allow) LPort=4481
FirewallRules: [{B595DAC4-F750-404B-B42B-48C3D68280FA}] => (Allow) LPort=4482
FirewallRules: [{76293352-8D6C-468C-A1F2-CAA7F27DEA0B}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{5F6B1CC4-5DC7-467E-A8FF-6A30F07C5456}C:\users\carowan\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\carowan\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{EE639596-F271-4337-9C51-C00DD8B4313A}C:\users\carowan\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\carowan\appdata\local\google\chrome\application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2016 05:53:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18065

Error: (03/30/2016 05:53:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18065

Error: (03/30/2016 05:53:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2016 05:53:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17066

Error: (03/30/2016 05:53:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17066

Error: (03/30/2016 05:53:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2016 05:53:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16068

Error: (03/30/2016 05:53:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16068

Error: (03/30/2016 05:53:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2016 05:53:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15070


System errors:
=============
Error: (03/30/2016 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/30/2016 04:33:44 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a44\SystemRoot\System32\Config\RegBack\SOFTWARE

Error: (03/30/2016 04:33:09 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2016 04:33:08 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2016 04:33:08 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (03/30/2016 04:33:07 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2016 04:33:06 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2016 04:33:05 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2016 04:33:04 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2016 04:33:03 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 5984.3 MB
Available physical RAM: 4001.94 MB
Total Virtual: 11966.8 MB
Available Virtual: 9908.47 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:683.89 GB) (Free:611.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: EA666719)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================​

I should probably also let you know I attempted a number of times to do a system restore to an earlier date when the HD wasn't spinning, and each time it failed (see image below of failure)
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
SpinningHD,
We will take care of the Win10 issue permanently after we are through.

You have two likely serious issues and one possible.
1-Trusteer Rapport is installed.
It can and frequently does interfere with antivirus programs and peripherals

2-There are active remnants of AVG2013 on there that need to be removed

3-You have Java installed. I would remove it unless you have an important need for it.

In order to Uninstall Rapport, you have to APPLY for the uninstaller here:
http://www.trusteer.com/support/uninstall-troubleshooting
Apply, download it and run it.
Does that give you the creeps? It's their version of Security.

The AVG removal tool is here:
http://download.avg.com/filedir/util/AVG_Remover_en.exe
Download and run it.

I would Uninstall Java 8 ver 77 as well. If it turns out you actually use it, you can install it again.
The reasons not to use it are here:
http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/
http://www.itworld.com/article/2940...-make-yahoo-your-default-search-provider.html

Let me know how it goes and we will proceed further.
askey127
 

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
- No idea how Trusteer Rapport got onto my machine, but I used their removal tool and it should be gone now
- The AVG removal tool failed all 4 times (msg was 'connection failed') - Is there another method to remove those bits?
- I used the uninstall option in Control Panel to remove Java update ver77. It appears to be gone.
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
SpinningHD,
We will take out leftovers manually.
--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

-----------------------------------------------------------
Run GWX Control Panel
If Microsoft's attempts to force Windows 10 onto the machine are unwanted, you can download and Run GWX Control Panel
http://ultimateoutsider.com/downloads/
Click on Download the Installer on the right.
Save it where you can find it and right click > "run as administrator" to install the program.
You can see the user guide here: http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html
Then open GWX Control Panel.
If you don't disable things with GWX Control Panel, and you are allowing Updates, Windows 10 will likely get installed automatically, without your active permission.

Utilizing GWX Control Panel will prevent most of the Windows 10 activities slowing down the machine.
I would suggest you click on any of these that are not grayed out:
  • Click to disable Get Windows 10 app (delete icon)
  • Click to delete Windows 10 download folder
  • Click to prevent Windows 10 upgrades
  • Click to delete Windows 10 programs
  • Click to disable non-critical Windows 10 settings
  • Click to enable Monitor mode
You may also wish to change your Windows Update settings so only Security Updates are allowed.
Attempts by Microsoft to circumvent your wishes can be monitored by enabling the Monitor mode button.
It's possible that you may need to download a newer version of GWX Control Panel later, if Microsoft doesn't get civilized about this.
Barring sabotage by Microsoft, you should be able to use Windows 7 until 2020, or Windows 8 until 2023.

Let me know how it's running at this point.
askey127
 

Attachments

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
Ok. I used the tool to remove all GWX junk, it deleted a lot of folders etc. It's also monitoring for win10 updates.

The laptop HD is still spinning endlessly and is hot (but it does appear to be working faster)

Fixlog below
:
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by CaroWan (2016-03-31 17:46:12) Run:1
Running from C:\Users\CaroWan\Desktop
Loaded Profiles: CaroWan (Available Profiles: CaroWan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-527852487-919982166-2207449301-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
C:\Program Files (x86)\Trusteer\Rapport
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507082.sys [972896 2016-03-29] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-03-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-03-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-03-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-03-03] (IBM Corp.)
C:\ProgramData\Trusteer\Rapport
C:\Windows\System32\Drivers\RapportHades64.sys
C:\Windows\System32\Drivers\RapportKE64.sys
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
C:\Windows\System32\DRIVERS\avgidsdrivera.sys
C:\Windows\System32\DRIVERS\avgidsha.sys
C:\Windows\System32\DRIVERS\avgldx64.sys
C:\Windows\System32\DRIVERS\avgloga.sys
C:\Windows\System32\DRIVERS\avgmfx64.sys
C:\Windows\System32\DRIVERS\avgrkx64.sys
C:\Windows\System32\DRIVERS\avgtdia.sys
C:\Windows\system32\drivers\avgtpx64.sys
2016-03-29 21:17 - 2016-03-29 21:17 - 00000000 ____D C:\Users\CaroWan\AppData\Local\ElevatedDiagnostics
2016-03-29 13:42 - 2013-08-20 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
EmptyTemp:
Cmd: ipconfig /flushdns

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-527852487-919982166-2207449301-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
RapportMgmtService => service not found.
"C:\Program Files (x86)\Trusteer\Rapport" => not found.
RapportCerberus_1507082 => service not found.
RapportEI64 => service not found.
RapportHades64 => Unable to stop service.
RapportHades64 => service removed successfully
RapportKE64 => service not found.
RapportPG64 => service not found.
"C:\ProgramData\Trusteer\Rapport" => not found.
C:\Windows\System32\Drivers\RapportHades64.sys => moved successfully
C:\Windows\System32\Drivers\RapportKE64.sys => moved successfully
AVGIDSDriver => Unable to stop service.
AVGIDSDriver => service removed successfully
AVGIDSHA => Unable to stop service.
AVGIDSHA => service removed successfully
Avgldx64 => service removed successfully
Avgloga => Unable to stop service.
Avgloga => service removed successfully
Avgmfx64 => Unable to stop service.
Avgmfx64 => service removed successfully
Avgrkx64 => Unable to stop service.
Avgrkx64 => service removed successfully
Avgtdia => Unable to stop service.
Avgtdia => service removed successfully
C:\Windows\System32\DRIVERS\avgidsdrivera.sys => moved successfully
C:\Windows\System32\DRIVERS\avgidsha.sys => moved successfully
C:\Windows\System32\DRIVERS\avgldx64.sys => moved successfully
C:\Windows\System32\DRIVERS\avgloga.sys => moved successfully
C:\Windows\System32\DRIVERS\avgmfx64.sys => moved successfully
C:\Windows\System32\DRIVERS\avgrkx64.sys => moved successfully
C:\Windows\System32\DRIVERS\avgtdia.sys => moved successfully
C:\Windows\system32\drivers\avgtpx64.sys => moved successfully
C:\Users\CaroWan\AppData\Local\ElevatedDiagnostics => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection" => not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 502 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:47:32 ====
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
SpinningHD,
This is the next thing I want to do:
This program is way better than the defrag that comes with the system.
It may change the way the drive behaves.
-------------------------------------------------------------
Download MyDefrag from here and Install it : http://filehippo.com/download_mydefrag/
After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
(Click System Disk Monthly and then check C: drive, click Run)
Wait for it. It goes through 6 Zones. It may take an hour or two, depending on how badly the HD is scrambled.
The Window will be labeled Finished at the top when it is done.
Going forward, you can run it in System Disk Daily mode, but once every week or two is sufficient.
It will finish a lot faster in the ensuing runs.

Let me know if any change after
askey127
 

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
Done. Here's the results. Didn't take long because I haven't used much space on this PC. I also did a regular windows defrag a week ago.

Unfortunately the HD is still spinning away.. :(


Total disk space: 734,320, 775,168 bytes 683.8895 GigaBytes
Unfragmented items: 0 bytes 0 items
Fragmented items: 0 bytes 0 items
Gaps: 659,889, 410,048 bytes 23,587 gaps
Average gap: 27,975,680 bytes
Median gap: 28,672 bytes
Biggest gap: 357,807, 554,560 bytes

Zone number: 0
Unfragmented items: 0 bytes 0 items
Fragmented items: 0 bytes 0 items
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
SpinningHD,
I think there is likely to be a Hard Drive issue, or something in your "scheduled tasks" settings.
Sorry to bother you with all this stuff, but it's sort of a detective mystery. One clue at a time.
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code:
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
 

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
Hey Askey127 -- It's working normal again!
The HD isn't constantly spinning any longer. I have no idea what step it was that fixed the issue, but it's suddenly operating normally now and is no longer slow.

I want this laptop to last until 2020 or longer. -
Speaking of which: Do you know what the average lifespan of a Laptop with my specs might be? -
- Laptop was newly bought Dec 2011 and is used 8 to 10 hours daily in work I do over the internet. I do not download a lot of videos or large files etc. Mainly I use it to write articles and work on an internet platform.

Thanks kindly for your help, it's really appreciated!
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Spinning, Glad it's better.
The practical life of a laptop can be quite long.
As long as the performance is OK, it's usually worth maintaining or repairing.
The practical reliability limits are usually controlled by two components:
1. The hard drive
2.The battery
Either can be replaced.

In the case of the hard drive, you need to save a complete "image" of the system someplace to be certain of not losing much in case of a total failure.
http://www.howtogeek.com/howto/4241/how-to-create-a-system-image-in-windows-7/

In the case of the battery, its life can be extended by unplugging the charger anytime it gets to full charge.
The "extra" charging only heats up the battery and dries out the elcctrolyte sooner.
 

SpinningHD

Thread Starter
Joined
Mar 29, 2016
Messages
8
Thanks a lot for the wisdom regarding the battery, etc. I will use it!
Much appreciate your time and help!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top