Resolved Problems with booting into Windows 7

lj50 · 2016/03/25

Why not go into the Recovery Manager and create a your own set of recovery disks. Get five(5). DVD±Rs, DVD-R or DVD+R. Preferably DVD-R which is suggested by HP's Recovery Manager. When ever I get a new Notebook this the first thing I do.

skaler2k · 2016/03/25

I hope I'm wrong, but wouldn't creating disks at this point create them with the faults/problems that presently exist?

lj50 · 2016/03/25

No. It just creates the factory reset image to the disks. In case your HDD fails. It's a fresh copy. The only drawback is HP Bloat Ware. That can be uninstalled. The MS updates install 5 to maybe 10 at a time. The get the Product Number(P/N) That can be found In BIOS Setup, HP Advisor Dash Board, HP Support Assistant. Machines manufactures before the middle of 2010 on a label at the bottom of the notebook and after that in the battery compartment. Then go to HP Customer Support. Scroll down click on Identify Now, then update your drivers and HP system software.

skaler2k · 2016/03/27

Hi Evan,
I'm down to step 22 on the optimizing path, and am about to download and install ZOEK. I've always had the free MalwareBytes installed, but, for the life of me, can't find the page to temporarily disable it, which is required by ZOEK.
MalwareB. is not started, nor listed in the msconfig>startup tab.
I do not yet have an antivirus program on this laptop. I'm with Comcast, and they offer the Norton Suite for free, but this is the 4th computer, and they won't allow more than 3 installs. Can you recommend a good freebie AV program?
I've also had CCleaner all along, plus one called WiseCare 365, which does a lot of the same things.
So, could you tell me how to temporarily disable MalwareBytes?
Thus far, I still have the 65 second freeze, and the subsequent delay for the musical chime that accompanies desktop opening.

Evan Omo · 2016/03/28

With Malwarebytes Antimalware, unless you are using the premium version, the free version does not run in the background except if you actually open the program.

If Malwarebytes Antimalware is closed then you can continue running Zoek.

As for security programs, I will give you a list of good free security programs to download once you finish running through my guide. It would also be helpful if you post the logs in your next reply so I can see how much malware was removed and what programs you currently have installed.

skaler2k · 2016/04/02

Hi Evan,
I completed the optimization process and the symptoms I wanted to change remain the same. There is still a ~65 second freeze between the welcome screen and when the desktop finally appears, and a roughly 85 second delay between the desktop and the windows opening chime. The laptop otherwise runs great. When the welcome screen unfreezes, I hear the DVD drive grind/ energize briefly.
If I put the laptop into SLEEP mode, and come back in less than 5 minutes or so, the laptop wakes up instantly, and the accompanying chime is right there.
If I wait an hour or so, and touch any key or touchpad, the welcome screen and the frozen circle reappear, and the delays for desktop and windows chime are the same as when I boot up fresh.
I did go ahead and download AVAST AV. Reading several sites under Google, I noticed that Avira, Avast, and AVG are always mentioned or rated near the top of everyone's list. I chose Avast only because my buddy, whose opinion I respect uses it. I am not married to Avast, so if you have a better suggestion, I'll gladly switch.
I'll attach 5 of the 9 logs. I can't find the other 4, but I can re-run the programs and save them, and then send them to you, if you'd like them.
Also, I don't know how to attach the Autoruns Logon Screenshot, though I doubt that it would make any difference at this point.
There are 21 processes running.

skaler2k · 2016/04/02

I can't seem to upload the ZHP Cleaner log. Tried 3 times, and get a webpage cannot be displayed popup.

Evan Omo · 2016/04/02

I still need the Zoek log and its saved on your C drive under Start< Computer. Instead of uploading the ZHP Cleaner log just copy the contents of the log and paste it in your next reply.

For the Autoruns screenshot, just upload the image to http://imgur.com/ and post the link in your next reply.

skaler2k · 2016/04/02

hi Evan,
Here's the ZHP log content:
~ ZHPCleaner v2016.3.26.46 by Nicolas Coolman (2016/03/26)
~ Run by Onyx (Administrator) (26/03/2016 16:35:02)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Onyx\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Onyx\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (10)
MOVED folder: C:\Windows\Installer\MSI1978.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSI2D9A.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSI32CA.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSIBF40.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSIC4AE.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSIC606.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSIC942.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSICB17.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSICD1F.tmp- =>Empty
MOVED folder: C:\Windows\Installer\MSICE68.tmp- =>Empty

---\\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.

---\\ Other deletions. (34)
~ Registry Keys Tracing deleted (34)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 261
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 10

~ End of clean in 00h00mn02s
===================
ZHPCleaner-[R]-26032016-16_35_04.txt
ZHPCleaner--26032016-16_34_40.txt

skaler2k · 2016/04/02

zoek results

skaler2k · 2016/04/02

Hi Evan,
I found the zoek-results log file, but when I try and attach it, it says "invalid file ".
When I try and copy and paste it into a reply box here, it appears to be way too big-something like 900K characters where the max allowed is 500K.

skaler2k · 2016/04/02

I saved the autoruns file. When I open it, it defaults back to the everything tab. I did this twice, just to make sure I didn't mess up and save the wrong one. I didn't.
Once I figure out how to get it to you, will you be able to manipulate it and click on the logon tab?
It is 6,032KB big, and I tried to send it as an attachment, but, again, the program identifies it as an invalid file.

Evan Omo · 2016/04/03

For the Autoruns screenshot, just click on the Logon Tab and then use the Alt and Print Screen buttons on the keyboard to take the screenshot, then open Microsoft Paint and paste the screenshot, save the file and then upload the image to the imgur website so I can see what startup entries you have.

For the Zoek results, just split the log into multiple posts if you have to.

skaler2k · 2016/04/03

Ok, here is the zoekresults part 1 of 5:
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Onyx on Sat 04/02/2016 at 16:27:36.03.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Onyx\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-04-02-151703.log 91091 bytes

==== System Restore Info ======================

4/2/2016 4:28:04 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Validity deleted successfully
C:\Users\Onyx\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 15 Plugin
Adobe Flash Player 21 ActiveX
Adobe Shockwave Player 12.1
AMD Catalyst Control Center
AMD Drag and Drop Transcoding
AMD Install Manager
AMD Settings - Branding
AMD Wireless Display v3.0
Avast Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CPUID CPU-Z 1.75
CyberLink PowerDVD
D3DX10
ESU for Microsoft Windows 7 SP1
Foxit Reader
Google Chrome
Google Update Helper
HP Customer Experience Enhancements
HP Support Solutions Framework
Intel(R) Chipset Device Software
Intel(R) Driver Update Utility 2.4
Intel(R) Management Engine Components
Intel(R) ME UninstallLegacy
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intelr Driver Update Utility
Intelr PROSet/Wireless Software
Intelr PROSet/Wireless WiFi Software
Intelr Trusted Connect Service Client
Java 8 Update 73
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 2.2.1.1043
Microsoft .NET Framework 4.6.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MSVCRT
MSVCRT_amd64

skaler2k · 2016/04/03

Part2:
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Photo Common
Realtek Ethernet Controller Driver
Renesas Electronics USB 3.0 Host Controller Driver
SafeZone Stable 1.48.2066.95
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)
swMSM
Synaptics TouchPad Driver
VLC media player
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wise Care 365 4.11

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Users\Onyx\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8140 MB
CPU Info: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
CPU Speed: 1999.5 MHz
Sound Card: Speakers / HP (IDT High Definit |
Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | Microsoft Virtual WiFi Miniport Adapter #2 | Intel(R) WiFi Link 1000 BGN
CD / DVD Drives: 1x (D: | ) D: hp DVDWBD TS-LB23L
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 465.7GB | E: 465.8GB
Hard Disks - Free: C: 408.0GB | E: 459.2GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 06/24/11 | HPQOEM - 1
Time Zone: Eastern Standard Time
Motherboard *: Hewlett-Packard 165A
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
Default Browser: Google Chrome 49.0.2623.110
Internet Explorer Version: 11.0.9600.18230
Google Chrome version: 49.0.2623.110
Sun Java version: 1.8.0_73 (32-bit)
Sun Java version: 1.8.0_73 (64-bit)
Flash Player version: 15.0.0.239
Shockwave Player version: 12.1.4r154

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-03-28 17:30:37 9A4721C52C4746019879D9F8033DCA00 52184 ----a-w- C:\Windows\avastSS.scr
2016-03-26 21:28:53 E21B90BD14AFFC13D50A2E8A26336561 2052 ----a-w- C:\Windows\epplauncher.mif
====== C:\Users\Onyx\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-03-26 21:26:46 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\SysWOW64\locale.nls
2016-03-26 21:26:44 B51A17A1820E8940C0F99D5CCE6CD97E 6656 ----a-w- C:\Windows\SysWOW64\KBDAZEL.DLL
2016-03-26 21:26:44 A326E8C5F54D675AC83639FC9ADA8CDA 69120 ----a-w- C:\Windows\SysWOW64\nlsbres.dll
2016-03-26 21:26:44 4D1ED276529A0EA7177A6830BC842A92 6656 ----a-w- C:\Windows\SysWOW64\kbdgeoqw.dll
2016-03-26 21:26:44 4768E74F674F6DF9AEF172F738A1342B 7168 ----a-w- C:\Windows\SysWOW64\KBDAZE.DLL
2016-03-26 21:25:42 C2E392F3CE66FE21ADB7CA1158790BAA 15360 ----a-w- C:\Windows\SysWOW64\tbs.dll
2016-03-26 20:06:01 565DE7C3364D2B17A4115116251D5718 3994560 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-26 20:06:00 F5071D3802BC7A7AA65D58D57F9B7D70 553472 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2016-03-26 20:06:00 7DAD20AB1DD90D89F9EF851F5EB60651 3938240 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-26 20:05:59 B994002C9AC277B400D8616AAEB3D83E 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2016-03-26 20:05:59 B8E6C6411AAE69972DE30D2CC6ECABFD 1314328 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2016-03-26 20:05:59 A51056F0AB2386C1032977E89BCB267A 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2016-03-26 20:05:59 886F415E4F7A87AF69EBF5020C67EF6F 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2016-03-26 20:05:59 81D70F77DBC2A20E8057FB373D0F9AE6 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll
2016-03-26 20:05:59 5107D0FCD28BC68995D862B718C98CDD 223232 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2016-03-26 20:05:59 295EE61AFA07756F3CBCDF6CA012F905 275456 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2016-03-26 20:05:59 1B2966418D805A871C30998D45570109 642560 ----a-w- C:\Windows\SysWOW64\advapi32.dll
2016-03-26 20:05:59 1827E4CAD59C32A1E913AAC375AC094F 251392 ----a-w- C:\Windows\SysWOW64\schannel.dll
2016-03-26 20:05:58 F0B10B63F257577F270D7E5265FA576C 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2016-03-26 20:05:58 D6B30A1D95917A934BA1CEC152763EBB 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll
2016-03-26 20:05:58 C9E5B2084321B113344015FEE3C89CCF 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2016-03-26 20:05:58 C9A9A093C04AA3DA11D12E6374D7650A 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll
2016-03-26 20:05:58 B3AE2AB29B51BC44511262259499D18B 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2016-03-26 20:05:58 ADFB530BD8835ACE1B272DA8A7308A96 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe
2016-03-26 20:05:58 9BD14CC0F472E93F453D3D50BBD3BBDA 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2016-03-26 20:05:58 99D3E1FAB38B1D6DA536243631BAB839 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll
2016-03-26 20:05:58 93BCAB853A5B5A0665E7495ADBB03B76 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2016-03-26 20:05:58 821BE1FA64525FEFD4DF40C37F19193A 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2016-03-26 20:05:58 80F95AD6D1B88FD5444015D4EA8FFA6F 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2016-03-26 20:05:58 75991ED3804C48A396D6596BEC029D49 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2016-03-26 20:05:58 5D7A25E110E666040C37E16DF634A723 36352 ----a-w- C:\Windows\SysWOW64\cryptbase.dll
2016-03-26 20:05:58 42F930264A6F84D74C30955399619240 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2016-03-26 20:05:58 21404A9B0692E19E04EE714F5D5C6C48 171520 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2016-03-26 20:05:58 009045301F508A498F11EAD9D0FAA3FD 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2016-03-26 20:05:53 E85BED746BBDDCD29AD63F6085E1CE78 299520 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2016-03-26 20:05:53 B1B26BEDCB21B574B3CADCDC3BE9E969 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll
2016-03-26 20:05:52 BC8EA7CD95A7BA8B468B47BD7D9E55AF 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll
2016-03-26 20:05:52 84E9A8646F19EC99673EC863D0815133 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2016-03-26 20:05:52 0F3A519AC7E43B77EE4EAE50F347C913 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll
2016-03-26 20:05:51 B05D416F3162D1686914606E9C794997 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-26 20:05:51 3DF1D7DA8C1493A5A00C0474323FEF20 922432 ----a-w- C:\Windows\SysWOW64\ucrtbase.dll
2016-03-26 20:05:50 E5DE5F75FF6739AC9AABBDD4740B22A9 14176 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-26 20:05:50 E37EC711D51AAF9FD8570739ED8A1AC0 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-26 20:05:50 DB9FEFF915F895BE960E9D1D47639324 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-26 20:05:50 D07F2E1FF3CA24A06ADDE429A0130E50 16224 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-26 20:05:50 BCBE1BD34AA5E3E585E8A186ECE49FA0 13664 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-26 20:05:50 924E2F51DE0177D08AABAB725421D70C 22368 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-26 20:05:50 85CF361F1388D42FEEDD3E2516D50CE7 66400 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-26 20:05:50 74126D3BED0E43DE875B66C63C608F42 19808 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-26 20:05:50 5E98B6B1D884AE801EEF41C42A080084 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-26 20:05:50 522226C519CDD233360BF0CE80B0CEBA 15712 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-26 20:05:50 3A2E6016FF209066F3129543660BE0B5 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-26 20:05:50 386C6B538AC4F36737819B79E679132D 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-26 20:05:50 1D96A0D2EF83C6C1176806C02F96384A 17760 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-26 20:05:50 0E9D1BCE1BB8A5E25B505CE7B52CCE74 17760 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-26 20:05:46 E869DDBE1C64BECEA0FF26C2BEE6385C 30208 ----a-w- C:\Windows\SysWOW64\wups.dll
2016-03-26 20:05:46 D432C3E330EC381F18F1D8492FD5A990 93696 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2016-03-26 20:05:46 8C7AF1C5ED43F6A19D14DE7D04CF2D28 573440 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2016-03-26 20:05:46 7F4449BE58F9D9853F010ADEF57C627E 174080 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2016-03-26 20:05:46 363C311357833FAB98788CADDA82781C 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2016-03-26 20:05:41 FAC2BB786EF0B771633A6CAEEE343CEF 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2016-03-26 20:05:41 E90B8C7F9667650544ADC778CCD43568 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2016-03-26 20:05:41 C54971134F66CFBDE313D7D74A297AAC 2280448 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2016-03-26 20:05:41 5CCF8CCADD86DEF3F503869E209CB771 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-26 20:05:41 52733FEAAF339B76CF7DD82B676A959E 91136 ----a-w- C:\Windows\SysWOW64\inseng.dll
2016-03-26 20:05:40 FB7B95D4A7F5BA563516335CC23FC53C 130048 ----a-w- C:\Windows\SysWOW64\occache.dll
2016-03-26 20:05:40 C99B6E09C23BF1FB1F1B1D02F1E3072F 341200 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2016-03-26 20:05:40 C04FE126FE7661A727E2EACA3773BF63 496640 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2016-03-26 20:05:40 98F4BA49FDCC7B72C49264C898D95D29 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-26 20:05:40 94295E6C1D6A458D611491C45DA86325 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2016-03-26 20:05:40 6D78ABE37BC816FBC67A62A7A1A5C582 1311744 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2016-03-26 20:05:40 3DF6C79B9F93A289D02395642645319C 20352512 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2016-03-26 20:05:40 072926C6A8342EB10FF4DA3BBBE57DB5 687104 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2016-03-26 20:05:39 9ECBE17BAE1171042910A24800E1A59C 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2016-03-26 20:05:39 0D9E4C237A6B6B78BF237FCA65A1103C 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2016-03-26 20:05:39 02B17540AEDFFD935E1FCFF62941FD63 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2016-03-26 20:05:38 F513214BA350CF5D0D362A002FE79733 2050560 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2016-03-26 20:05:38 F02CF24E59AF96F7F2FFF8C3204F57B8 13012480 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2016-03-26 20:05:38 D7CCF5333B2F75EF0F5ADC85960872B8 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2016-03-26 20:05:38 B8106E5CE39EAF8472DB521BB2C62150 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll
2016-03-26 20:05:38 9D41CAE6A55681E9F816BDC80451B916 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2016-03-26 20:05:38 77305AE3440CB9A28E76A88AE609C414 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2016-03-26 20:05:38 4A7149C25E250A2B3E320556D3B28D8F 476160 ----a-w- C:\Windows\SysWOW64\ieui.dll
2016-03-26 20:05:36 F6F1806F34BB8C6C220A259F584A80E1 341504 ----a-w- C:\Windows\SysWOW64\html.iec
2016-03-26 20:05:36 EFB16D89CDDE7648D14E09D765AE52EB 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll
2016-03-26 20:05:36 EDB9618FF3238EF0FC2734F584B13A33 2121216 ----a-w- C:\Windows\SysWOW64\wininet.dll
2016-03-26 20:05:36 E36BD63A2B9EAC4AE3C5F4F0E0FEA025 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2016-03-26 20:05:36 D1A735C183F2AD39CF6FE60E8593B0B2 4611072 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2016-03-26 20:05:36 A795080ED1B03288F90FE7A357B08FA6 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-26 20:05:36 4F8E44453EDB8083F504DDF679B55034 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-26 20:05:36 2EC93A7E9DEE0D310729490FD39EB1ED 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2016-03-26 20:05:26 73B2226CA11907E2AE3427BBF4C09967 296448 ----a-w- C:\Windows\SysWOW64\mfds.dll
2016-03-26 20:05:25 50620D7F4EF26981C76B703C89DFF0FE 67584 ----a-w- C:\Windows\SysWOW64\asycfilt.dll
2016-03-26 20:05:25 4CE464D543C536B2E039524C93413238 572416 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
2016-03-26 20:05:17 0BACC9DB52051142492AA8F09ADAF8B5 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll
2016-03-26 20:05:16 6535F092A603C6EEED0D923AB05735E1 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll
2016-03-26 20:05:16 43C68440DD263F5CAEF8C34C12214A4A 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL
2016-03-26 20:05:16 0B24E6A3563BB541F4DCAF48EC9AE152 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx
2016-03-26 20:05:16 0B24E6A3563BB541F4DCAF48EC9AE152 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll
2016-03-26 19:18:37 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Windows\SysWOW64\subinacl.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====

skaler2k · 2016/04/03

Part3:
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2016-03-29 17:59:22 0A2F30E87E57A0933BC9D434EF90120E 440592 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2016-03-28 17:32:07 CBE6A51D10DA701BAFF2729EAD1BAC6B 398152 ----a-w- C:\Windows\Sysnative\aswBoot.exe
2016-03-26 21:26:59 2CE2E6C71FD01B1DF8992EE5768A8CAD 22528 ----a-w- C:\Windows\Sysnative\icaapi.dll
2016-03-26 21:26:46 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\Sysnative\locale.nls
2016-03-26 21:26:44 E77440D732DA943BA77C38BD9C8FF75D 7168 ----a-w- C:\Windows\Sysnative\kbdgeoqw.dll
2016-03-26 21:26:44 CD33834D9CADE5847806EF981888811C 69120 ----a-w- C:\Windows\Sysnative\nlsbres.dll
2016-03-26 21:26:44 8A4415ED740AA7303FDC98853F7DF6C2 7168 ----a-w- C:\Windows\Sysnative\KBDAZEL.DLL
2016-03-26 21:26:44 307C6A4E1A08B232E6E6A1A0839C5616 7168 ----a-w- C:\Windows\Sysnative\KBDAZE.DLL
2016-03-26 21:25:42 D99F8968C0C5CAD46A6B93A1FA6738B2 109568 ----a-w- C:\Windows\Sysnative\fveapibase.dll
2016-03-26 21:25:42 D1035B8EFC83165612F7AAB1816A81B4 451080 ----a-w- C:\Windows\Sysnative\fveapi.dll
2016-03-26 21:25:42 8F39E301AD8B219DADF83BD7DBE9842E 20480 ----a-w- C:\Windows\Sysnative\tbs.dll
2016-03-26 20:14:01 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\Sysnative\bootdelete.exe
2016-03-26 20:06:03 F4401BE752919B5EE271A9B355F5710A 5572032 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2016-03-26 20:06:03 9C3035A9AA1986DAA9A7A233724BA71B 1733592 ----a-w- C:\Windows\Sysnative\ntdll.dll
2016-03-26 20:06:02 EFF15466D1D6C61E92CB129B00D5D24E 1461248 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2016-03-26 20:06:02 9A16001E1924D9EAAC3CA359A516EEE7 1214464 ----a-w- C:\Windows\Sysnative\rpcrt4.dll
2016-03-26 20:06:00 F3CF4E9A48E3CE7011A8FF2E188D8208 344064 ----a-w- C:\Windows\Sysnative\schannel.dll
2016-03-26 20:06:00 89AB9AECC8906A1379701B43D25205D8 730112 ----a-w- C:\Windows\Sysnative\kerberos.dll
2016-03-26 20:05:59 DE8B9B1788ACCA1020CEEA8AA13B5A9E 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll
2016-03-26 20:05:59 DE4812AB2E6926D0FF2423F3B774585A 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2016-03-26 20:05:59 A78AC1497CCFF3966F50F164C33B18C4 422400 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2016-03-26 20:05:59 A1CD166DE0901E9199766A2B5A57B90F 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2016-03-26 20:05:59 9C3B66C746C71DCACD54841B7EAF3F3B 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2016-03-26 20:05:59 78F5915B2B03E7391B4282E20338D29A 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2016-03-26 20:05:59 4E3E2F8EA0920FC793634479866C5198 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll
2016-03-26 20:05:59 0F72703FE77940E14E3E7522BFCB5A6A 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2016-03-26 20:05:59 02886B176A15FFAC7DFED97E59A7B227 880128 ----a-w- C:\Windows\Sysnative\advapi32.dll
2016-03-26 20:05:58 F9E31A4B00A333EEC05A90EDCE4AC12A 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll
2016-03-26 20:05:58 EF6DF5EF674A3588D5BFB22A38426C95 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2016-03-26 20:05:58 E7D004C3EC24A3C2AD6FAF1855F29DC9 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll
2016-03-26 20:05:58 E4315DDCF53CE9D123268BD2219B2423 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2016-03-26 20:05:58 E1E91CE6D3D6109561683844535E4178 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2016-03-26 20:05:58 BAB3E8C0C2CFC7A9DC6A52615BC6064E 112640 ----a-w- C:\Windows\Sysnative\smss.exe
2016-03-26 20:05:58 AE92D51D6DF58C9D3C996ECC9262CBC9 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll
2016-03-26 20:05:58 ABE221DB1510A1878399C0692D64A0BF 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2016-03-26 20:05:58 A98E4419A0116848D449ECB1C308A5E3 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll
2016-03-26 20:05:58 94C5B49D3E89CE9E02A6D6133A4F4321 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2016-03-26 20:05:58 7FB33A9A2E6B6D5CA9318668B95CA69C 30720 ----a-w- C:\Windows\Sysnative\lsass.exe
2016-03-26 20:05:58 7631804095CEB86A925DBE5102A27AFC 50176 ----a-w- C:\Windows\Sysnative\srclient.dll
2016-03-26 20:05:58 6AB9573BB3939ACF8D78552E03F85292 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
2016-03-26 20:05:58 3A3F7FD8FC36207D4261E1AA5BE2131F 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll
2016-03-26 20:05:58 3381B6E84547D54E8DB78A0899AA2FE0 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll
2016-03-26 20:05:58 1FA2CA8150B17250935A862913CC26B1 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2016-03-26 20:05:58 1F7C02AC2950F0472B5C5FC368A52300 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe
2016-03-26 20:05:58 100D0A458DFC159E1FF274EA406BBEB2 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2016-03-26 20:05:58 0B3256BA5B4D06C46773B0D22A8E4643 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2016-03-26 20:05:58 006E72FB24C9FF96DC30CB83964A5498 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe
2016-03-26 20:05:53 C969B7F33F3C47103D302AC086A54483 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll
2016-03-26 20:05:53 C8B4E3DBD1D0A6E5819AA8F546945504 41472 ----a-w- C:\Windows\Sysnative\lpk.dll
2016-03-26 20:05:53 8203AC96912496988983FF7D527D8390 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll
2016-03-26 20:05:53 39092B766B0C28E9C7C4F1B2D5A89B3A 372736 ----a-w- C:\Windows\Sysnative\atmfd.dll
2016-03-26 20:05:53 1CEF42611A2449A85C74429B81EA0809 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll
2016-03-26 20:05:52 05FD1920E7D9965F33DBBBEE58387B24 3211264 ----a-w- C:\Windows\Sysnative\win32k.sys
2016-03-26 20:05:51 62ED9DA33AFE5624A08D9427527536FE 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-locale-l1-1-0.dll
2016-03-26 20:05:51 1EB17F650462EEA820F4CD727D2D3AB1 994760 ----a-w- C:\Windows\Sysnative\ucrtbase.dll
2016-03-26 20:05:50 EBA98AF7BA9FC4696BFD3F03D43CE07B 13664 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-26 20:05:50 E9C7DF2BC9C5157F2195737948DBFA0B 19808 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-26 20:05:50 D8F7A8440C5B23A587D981E7B9A4892C 15712 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-convert-l1-1-0.dll
2016-03-26 20:05:50 CB20CCF93E34CC08AB4B58A344E76DD1 14176 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-time-l1-1-0.dll
2016-03-26 20:05:50 CAB18EAC01B9FCF6A0CA74E95FADB8B7 20832 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-math-l1-1-0.dll
2016-03-26 20:05:50 C2F694722F8D98990B218ECAB729B0FE 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-heap-l1-1-0.dll
2016-03-26 20:05:50 A98EC7EDB339CD967E5CBD5EEC174CEB 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-conio-l1-1-0.dll
2016-03-26 20:05:50 A4FA9CA07855A7F237D1908E62B5B1C7 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-process-l1-1-0.dll
2016-03-26 20:05:50 92375150AD3F19431B49793DC7111962 63840 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-private-l1-1-0.dll
2016-03-26 20:05:50 6A2C655BC6B7E2EDFC98B632B521697D 17760 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-string-l1-1-0.dll
2016-03-26 20:05:50 4CDCE034568C1177325799A60F987F27 16224 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-26 20:05:50 1EA4F3D5312C15A64904A6E9E457612D 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-utility-l1-1-0.dll
2016-03-26 20:05:50 0753722E5BD0AF130C1B465F2981477C 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-environment-l1-1-0.dll
2016-03-26 20:05:50 020E0DCC82A7C5AFDEE3FBA57C5F30D3 17760 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-26 20:05:46 F50C6862DB860F91051625800F61F71E 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll
2016-03-26 20:05:46 F0D39C0EB4DEED96714499518156BC6C 3169792 ----a-w- C:\Windows\Sysnative\wucltux.dll
2016-03-26 20:05:46 F09D8A5175BDD9533F7F900CAD213C91 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe
2016-03-26 20:05:46 D7DBB0C85B065CAFD6C5C888220A31E1 37888 ----a-w- C:\Windows\Sysnative\wups2.dll
2016-03-26 20:05:46 7BD7019E51A13D5CFAFAE8A68C416C64 36864 ----a-w- C:\Windows\Sysnative\wups.dll
2016-03-26 20:05:46 70A3693BE74AE57DEA201DAD89A6B703 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2016-03-26 20:05:46 6B6050BC5BE9F4ADF7766BCBD34B5F6C 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll
2016-03-26 20:05:46 3DC8EC659B29A47D0DD05A454F4C9FF8 709120 ----a-w- C:\Windows\Sysnative\wuapi.dll
2016-03-26 20:05:46 37795555D27002BF1A59135B60268690 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll
2016-03-26 20:05:46 1F0038F5B57D5BDA7C1368EA240B4D57 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2016-03-26 20:05:45 86F11B85102AFA6A1A6101DCE2F09386 2610688 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2016-03-26 20:05:41 73368D36DEF5EBBB199B3585D375DE2D 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2016-03-26 20:05:41 530EDBCCA18717998332B45F5E71F01B 2887680 ----a-w- C:\Windows\Sysnative\iertutil.dll
2016-03-26 20:05:41 143B716CCA1E11CC326D3ACEA323D2D0 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2016-03-26 20:05:41 06B2FF74CA284C00692D8AC1AC79045E 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2016-03-26 20:05:40 F6B1086C15175B9749A8D856ACA5FE9C 107520 ----a-w- C:\Windows\Sysnative\inseng.dll
2016-03-26 20:05:40 AC21A5E51B9EFBD13E87BF861653E18B 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2016-03-26 20:05:40 9E4DB338EFBF08913171B7C83E8B412F 718336 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2016-03-26 20:05:40 5ED817DF292B92A8090A9D8201549A93 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2016-03-26 20:05:39 B3A8B66922B6B97A09F02C8AA5C32F64 152064 ----a-w- C:\Windows\Sysnative\occache.dll
2016-03-26 20:05:38 FB56458B902E3B7F4D09A493FC8CBFFE 1546752 ----a-w- C:\Windows\Sysnative\urlmon.dll
2016-03-26 20:05:38 D43EEF5FD3A6F51FA7F253CB98C9B351 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2016-03-26 20:05:38 81A506305EA2DBA0E0EE33332B642143 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2016-03-26 20:05:38 548929D367CEC5FFCF9884D41B101B6B 387792 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2016-03-26 20:05:38 128A43A30C77B8E610ECE3E0D37D8793 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2016-03-26 20:05:38 0326E57CEEE24A37F39FB43F0F8E7B29 798720 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2016-03-26 20:05:37 59F1834740128C82558092CC774D35F9 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2016-03-26 20:05:37 41E59B7B8DAFFC5C9BE91B1158E3894B 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2016-03-26 20:05:36 A66C23356E24B52B0C877B5147E5005F 571904 ----a-w- C:\Windows\Sysnative\vbscript.dll
2016-03-26 20:05:36 3E116772A7B17F05C6F26EA613949D98 2123264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2016-03-26 20:05:36 0933A68F09692D19FC1EC6BC6A2C629F 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2016-03-26 20:05:35 9E0DE6FE9C1790571AE3915DFB4FAB95 615936 ----a-w- C:\Windows\Sysnative\ieui.dll
2016-03-26 20:05:35 820B76DCF5708DD4DB5784C01F9254B4 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2016-03-26 20:05:35 3DA511916E94D4B75D173E4CD8B7DA51 14613504 ----a-w- C:\Windows\Sysnative\ieframe.dll
2016-03-26 20:05:34 93D65A0011C3DC4F7422624068A6A4FC 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2016-03-26 20:05:34 89176EBC1F9E152BF444B114AB802D2A 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll
2016-03-26 20:05:34 883F1ED2E13465CD71CA97707ABD3694 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2016-03-26 20:05:34 85C65082595511D7153C18D3F422E632 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2016-03-26 20:05:34 612B73825E88F6CF137D29A44495BD82 817664 ----a-w- C:\Windows\Sysnative\jscript.dll
2016-03-26 20:05:34 51389B3929CDAE54DE7516ACBC4BE062 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2016-03-26 20:05:34 26DCAEEFB541175137FCE9406E2AF2B0 6052352 ----a-w- C:\Windows\Sysnative\jscript9.dll
2016-03-26 20:05:33 D46791D9D1F7D2D5DE0A58F7BD35F75B 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2016-03-26 20:05:33 C15649DEABA6B45562009663673E23D1 2597376 ----a-w- C:\Windows\Sysnative\wininet.dll
2016-03-26 20:05:33 59571CCC6E1820D43E233BC7D0877B7A 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2016-03-26 20:05:33 30E0B077DC484292B999C11D77A065F3 417792 ----a-w- C:\Windows\Sysnative\html.iec
2016-03-26 20:05:32 8F84D4D9632C0B95D16C1BB5D74C793B 25816576 ----a-w- C:\Windows\Sysnative\mshtml.dll
2016-03-26 20:05:26 C63EFDE6CA3BA3FEFA4943DDF2051D4B 381440 ----a-w- C:\Windows\Sysnative\mfds.dll
2016-03-26 20:05:25 FE323BDBE00DB71740D5C3A47359B823 76800 ----a-w- C:\Windows\Sysnative\acmigration.dll
2016-03-26 20:05:25 F809935C814853C159F97F5809A8A278 1373184 ----a-w- C:\Windows\Sysnative\appraiser.dll
2016-03-26 20:05:25 B429BEF73402E8D2B2731ECA08D6195F 862208 ----a-w- C:\Windows\Sysnative\oleaut32.dll
2016-03-26 20:05:25 89333E9BCD30DF68821C8DB1D8534971 1168896 ----a-w- C:\Windows\Sysnative\aeinv.dll
2016-03-26 20:05:25 86A6D548E36B0F77138388E3395A04A8 84992 ----a-w- C:\Windows\Sysnative\asycfilt.dll
2016-03-26 20:05:25 84E7911058EC06ACDF1E79EC14F13200 38336 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe
2016-03-26 20:05:25 6639BE7D8BFD124CBC51D5E3668D695D 499200 ----a-w- C:\Windows\Sysnative\devinv.dll
2016-03-26 20:05:25 63ABD1E5E37D096A54A383CB5F12D1A7 689152 ----a-w- C:\Windows\Sysnative\generaltel.dll
2016-03-26 20:05:25 4A4C972237F6F087021AA0F43CD9B41D 696832 ----a-w- C:\Windows\Sysnative\invagent.dll
2016-03-26 20:05:24 A19623BDD61E66A12AB53992002B4F3A 30720 ----a-w- C:\Windows\Sysnative\seclogon.dll
2016-03-26 20:05:17 4EA9F4738CE519E3D8C31A41AE2DE822 14634496 ----a-w- C:\Windows\Sysnative\wmp.dll
2016-03-26 20:05:16 E6F065C2A34AE8768E355D23A2BE5A63 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL
2016-03-26 20:05:16 D341F4F570658CDBB660FC3A1D5F762D 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx
2016-03-26 20:05:16 D341F4F570658CDBB660FC3A1D5F762D 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll
2016-03-26 20:05:16 8ABE421AE8A49EA9EAF8E7BC455F138B 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll
====== C:\Windows\Sysnative\drivers =====
2016-03-28 23:17:04 AECE9E699CAC76DC993BB988652B5AD8 37144 ----a-w- C:\Windows\Sysnative\drivers\aswKbd.sys
2016-03-28 17:31:03 9949BBD5BB70C4D317B7549896132579 287016 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2016-03-28 17:31:02 43F46E7D103F46EC345B1056BDD2A60B 463744 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2016-03-28 17:31:00 1459AAD5C6A66A458C2D57EE6E080FA5 107792 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2016-03-28 17:31:00 0AA12ADF5F87B4A70BDBAED77F54B978 74544 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2016-03-28 17:30:59 7E66DFE6B62C6C34FD6B09DB6169E9F6 37656 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2016-03-28 17:30:56 719B704109B933D819093CDDB156A7F1 1070904 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2016-03-26 21:29:39 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_SynTP_01009.Wdf
2016-03-26 21:27:04 616387BBD83372220B09DE95F4E67BBC 73664 ----a-w- C:\Windows\Sysnative\drivers\disk.sys
2016-03-26 21:26:59 19BEDA57F3E0A06B8D5EB6D619BD5624 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
2016-03-26 20:05:59 CC1B3B52F33CBC1CE60867DA4E23537C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-03-26 20:05:59 8D383CED28332B5F3894658857472F47 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-03-26 20:05:59 8856E45D23BFF4D977BF06D0543BCD96 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-03-26 20:05:59 07F8F6B0CAEC7ADD30EBD94940A315D7 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-03-26 20:05:58 211A379BAAB812A7B437319BD85B2435 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2016-03-26 20:05:44 47B2D0B31BDC3EBE6090228E2BA3764D 1684416 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2016-03-26 20:05:20 D029DD09E22EB24318A8FC3D8138BA43 91648 ----a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS
====== C:\Windows\Tasks ======
2016-03-28 23:17:16 357DF27135669973163651A69B472333 3048 ----a-w- C:\Windows\Sysnative\Tasks\SafeZone scheduled Autoupdate 1459207036
2016-03-28 17:31:14 3B9A6AF08C13F1B108F7D1E202B9D47E 3924 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2016-03-28 12:37:19 C16730EA0E2E25D919666629A923A38E 426 ----a-w- C:\Windows\Tasks\Wise Turbo Checker.job
2016-03-28 12:37:19 BBBF892EAB503894893C689FAB2836C9 3092 ----a-w- C:\Windows\Sysnative\Tasks\Wise Turbo Checker
2016-03-28 12:37:18 B59F67D9EA3C22BFA409F2D3B142CC90 2822 ----a-w- C:\Windows\Sysnative\Tasks\Wise Care 365
2016-03-28 12:37:18 88031F3CF9584687A4E9DE175639DFDF 398 ----a-w- C:\Windows\Tasks\Wise Care 365.job
====== C:\Windows\Temp ======
======= C:\Program Files =====

skaler2k · 2016/04/03

Part4:
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-03-29 18:09:53 -------- d-----w- C:\Program Files\Microsoft Office
2016-03-27 01:31:00 -------- d-----w- C:\Program Files\Synaptics
2016-03-27 00:09:15 -------- d-----w- C:\Program Files\CPUID
======= C:\PROGRA~2 =====
2016-03-29 18:18:36 -------- d-----w- C:\PROGRA~2\Foxit Software
2016-03-29 18:12:01 -------- d-----w- C:\PROGRA~2\Microsoft Works
2016-03-29 18:11:48 -------- d-----w- C:\PROGRA~2\Microsoft Visual Studio
2016-03-29 18:11:48 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2016-03-29 18:09:09 -------- d-----w- C:\PROGRA~2\Microsoft Office
2016-03-27 00:40:48 -------- d-----w- C:\PROGRA~2\CyberLink
======= C: =====
2016-03-03 23:23:10 B4E28E2F40B28CDA929787D638ADD421 10690 ----a-w- C:\WirelessDiagLog.csv
====== C:\Users\Onyx\AppData\Roaming ======
2016-04-02 15:15:38 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2016-04-02 15:15:38 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2016-04-02 15:15:38 -------- d-----w- C:\Users\Owner\AppData\Local\Temp
2016-04-02 15:15:35 -------- d-----w- C:\Users\Onyx\AppData\Local\Temp
2016-04-02 15:15:35 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2016-04-02 15:15:35 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2016-03-29 18:18:52 -------- d-----w- C:\Users\Onyx\AppData\Roaming\Foxit Software
2016-03-29 18:18:44 -------- d-----w- C:\Users\Onyx\AppData\Roaming\Foxit AgentInformation
2016-03-29 14:26:08 -------- d-----w- C:\Users\Onyx\AppData\Local\Microsoft Help
2016-03-29 14:17:07 31A4E4B736AC44E4EEC552C8F1489F4E 113056 ----a-w- C:\Users\Onyx\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-27 00:27:52 -------- d-----w- C:\Users\Onyx\AppData\Local\Aurora Software
2016-03-26 23:37:12 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\Users\Onyx\AppData\Local\resmon.resmoncfg
2016-03-26 21:38:37 -------- d-----w- C:\Users\Onyx\AppData\Roaming\Synaptics
2016-03-26 20:30:43 -------- d-----w- C:\Users\Onyx\AppData\Roaming\ZHP
2016-03-22 14:56:21 -------- d-----w- C:\Users\Onyx\AppData\Roaming\dvdcss
2016-03-21 21:55:09 -------- d-----w- C:\Users\Onyx\AppData\Roaming\WebApp
====== C:\Users\Onyx ======
2016-04-02 16:56:04 3180FDF6302FB1BF2DD3DE38544C99B7 696320 ----a-w- C:\Users\Onyx\Downloads\TCPOptimizer.exe
2016-03-29 18:18:49 -------- d-----w- C:\Users\Public\Foxit Software
2016-03-29 18:18:44 -------- d-----w- C:\ProgramData\Foxit ContentPlatform
2016-03-29 18:14:58 E142D2AD7549CF499439BC71E6FBFDDD 42900584 ----a-w- C:\Users\Onyx\Downloads\FoxitReader734_enu_Setup_clean.exe
2016-03-29 18:12:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-29 14:26:07 -------- d-----w- C:\ProgramData\Microsoft Help
2016-03-28 17:31:35 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\.oracle_jre_usage
2016-03-28 17:28:12 BF77838A15AE4E72D3438A0693B629E9 5066104 ----a-w- C:\Users\Onyx\Downloads\avast_free_antivirus_setup_online_cnet1.exe
2016-03-27 01:33:50 -------- d-----w- C:\ProgramData\Synaptics
2016-03-27 00:41:44 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-03-27 00:36:20 B1CBFE733063C8FE2E758CB9F472E0FA 146374480 ----a-w- C:\Users\Onyx\Downloads\sp54746 (1).exe
2016-03-27 00:25:44 ED4C80E44F03E5F41B9816EE527A2AEC 34548517 ----a-w- C:\Users\Onyx\Downloads\Aurora_Bluray_Media_Player.exe
2016-03-27 00:09:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-03-27 00:08:47 B923DAEA16238E13007FDC1CB20E6128 1665568 ----a-w- C:\Users\Onyx\Downloads\cpu-z_1.75-en.exe
2016-03-26 20:30:30 39F5F2C9ED5C96B82D344488633BA109 2099200 ----a-w- C:\Users\Onyx\Downloads\ZHPCleaner.exe
2016-03-26 20:05:40 -------- d-----w- C:\ProgramData\HitmanPro
2016-03-26 20:05:18 E5F94A882F851044354B70ABA84C9A5E 11441744 ----a-w- C:\Users\Onyx\Downloads\HitmanPro_x64.exe
2016-03-26 19:11:27 E91D834A4B986A8B665BF1AE78B7F4A7 1610352 ----a-w- C:\Users\Onyx\Downloads\JRT.exe
2016-03-26 19:02:38 086799C07332F3E3C1D29D7B7D6FD114 1530368 ----a-w- C:\Users\Onyx\Downloads\AdwCleaner.exe
2016-03-26 18:54:52 F794E988B53804105BF915ABDAFAFCD7 891392 ----a-w- C:\Users\Onyx\Downloads\MiniToolBox.exe
2016-03-25 14:28:59 D9DE89F0FAF18019BC9595F0F47BCA61 50688 ----a-w- C:\Users\Onyx\Downloads\ATF-Cleaner.exe
2016-03-24 22:05:48 -------- d-----w- C:\ProgramData\install_clap
2016-03-21 20:07:36 -------- d-----r- C:\Users\Onyx\OneDrive

====== C: exe-files ==
2016-04-02 19:31:30 A6FFF61F0A9CBB8F8A19C1DE945F7CB4 36928 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_InWarrantyCarePack_AU.exe
2016-04-02 19:31:30 833C72B62DCEFAFF2B35E4E00D636A7D 35904 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_HPSmartFriend_v2.exe
2016-04-02 19:31:30 1482E36623D37EAB7007668142D75876 37768 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_InstantInk.exe
2016-04-02 16:56:04 3180FDF6302FB1BF2DD3DE38544C99B7 696320 ----a-w- C:\Users\Onyx\Downloads\TCPOptimizer.exe
2016-03-31 21:05:49 C2723D94AC5F6025B78CCFA46284F50D 45010336 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.110\49.0.2623.110_chrome_installer.exe
2016-03-31 01:14:08 ACDDDCD662CF23936178DCDCE4473D18 3225688 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.110\49.0.2623.110_49.0.2623.87_chrome_updater.exe
2016-03-29 18:18:57 87D8DAFF16C1226B2F26E17076FD78BD 5144256 ----a-w- C:\Users\Onyx\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
2016-03-29 18:18:41 E8F8E4E48C121D7F6119DF469A934BB2 93376 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
2016-03-29 18:18:41 DEEAF252494C6D01B2FF9BF4B6102ECC 2375872 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\SendCrashReport.exe
2016-03-29 18:18:40 87D8DAFF16C1226B2F26E17076FD78BD 5144256 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitUpdater.exe
2016-03-29 18:18:38 225D4A394781A78C3178B17D762EBF03 4511424 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe
2016-03-29 18:18:38 1A4E9E45D6E5F399598AB055B9CC241B 47720640 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
2016-03-29 18:18:37 304BA689A4FBE4C85C3E3608C53EB818 2004160 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\UninstallPrint.exe
2016-03-29 18:18:36 EBE673E24A4D29F58F0BA64987CE7448 1482432 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe
2016-03-29 18:18:36 A7ECFD37B868E01570268DE99C35AB9C 384704 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\64BitMailAgent.exe
2016-03-29 18:18:36 A653EBCDB3A154D42DA4A08D4123B31F 2462400 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\TrackReview.exe
2016-03-29 18:14:58 E142D2AD7549CF499439BC71E6FBFDDD 42900584 ----a-w- C:\Users\Onyx\Downloads\FoxitReader734_enu_Setup_clean.exe
2016-03-28 17:32:29 F6E7FEECE69272AECCDB3969F2869EA9 5033816 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe
2016-03-28 17:32:07 CBE6A51D10DA701BAFF2729EAD1BAC6B 398152 ----a-w- C:\Windows\System32\aswBoot.exe
2016-03-28 17:28:12 BF77838A15AE4E72D3438A0693B629E9 5066104 ----a-w- C:\Users\Onyx\Downloads\avast_free_antivirus_setup_online_cnet1.exe
2016-03-27 00:41:45 F960B7ABD5F4A975AA0F9018A1DB4339 75048 ------w- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
2016-03-27 00:41:35 9E4A7FEDB695FC9D1846503F5D88D125 316696 ------w- C:\ProgramData\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe
2016-03-27 00:36:20 B1CBFE733063C8FE2E758CB9F472E0FA 146374480 ----a-w- C:\Users\Onyx\Downloads\sp54746 (1).exe
2016-03-27 00:25:44 ED4C80E44F03E5F41B9816EE527A2AEC 34548517 ----a-w- C:\Users\Onyx\Downloads\Aurora_Bluray_Media_Player.exe
2016-03-27 00:09:15 B1989CE1482971E430CCFDC9A956BFC0 3370040 ----a-w- C:\Program Files\CPUID\CPU-Z\cpuz.exe
2016-03-27 00:09:15 8C2A7808C334D988B38A39A90DEF9031 719521 ----a-w- C:\Program Files\CPUID\CPU-Z\unins000.exe
2016-03-27 00:08:47 B923DAEA16238E13007FDC1CB20E6128 1665568 ----a-w- C:\Users\Onyx\Downloads\cpu-z_1.75-en.exe
=== C: other files ==
2016-04-02 16:48:39 F46E92DE5CEF3BB5892CACD0B43351DA 615478 ----a-w- C:\Users\Onyx\Downloads\Autoruns.zip
2016-03-29 18:19:16 C4CF19D455D85E177203EE6596B5850C 74712 ----a-w- C:\Users\Public\Foxit Software\Foxit Reader\StartPage 7.3.4\Advertisement\ad.zip
2016-03-28 23:17:04 AECE9E699CAC76DC993BB988652B5AD8 37144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2016-03-28 17:31:03 9949BBD5BB70C4D317B7549896132579 287016 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2016-03-28 17:31:02 43F46E7D103F46EC345B1056BDD2A60B 463744 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2016-03-28 17:31:00 1459AAD5C6A66A458C2D57EE6E080FA5 107792 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2016-03-28 17:31:00 0AA12ADF5F87B4A70BDBAED77F54B978 74544 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2016-03-28 17:30:59 7E66DFE6B62C6C34FD6B09DB6169E9F6 37656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2016-03-28 17:30:56 719B704109B933D819093CDDB156A7F1 1070904 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2016-03-26 21:27:04 616387BBD83372220B09DE95F4E67BBC 73664 ----a-w- C:\Windows\System32\drivers\disk.sys
2016-03-26 21:26:59 19BEDA57F3E0A06B8D5EB6D619BD5624 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "%ProgramFiles%\Windows\Sidebar.exe /autoRun "

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "%ProgramFiles%\Windows\Sidebar.exe /autoRun "

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin "= "C:\Windows\System32\mctadmin.exe "

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin "= "C:\Windows\System32\mctadmin.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe "= "C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "C:\Windows\system32\igfxtray.exe "
"HotKeysCmds "= "C:\Windows\system32\hkcmd.exe "
"Persistence "= "C:\Windows\system32\igfxpers.exe "
"SynTPEnh "= "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion]
"key "= "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "BDRegion "
"hkey "= "HKLM "
"command "= "C:\\Program Files (x86)\\Cyberlink\\Shared files\\brs.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NUSB3MON]
"key "= "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "NUSB3MON "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files (x86)\\Renesas Electronics\\USB 3.0 Host Controller Driver\\Application\\nusb3mon.exe\" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key "= "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "RemoteControl10 "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files (x86)\\CyberLink\\PowerDVD10\\PDVD10Serv.exe\" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key "= "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "StartCCC "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files (x86)\\AMD\\ATI.ACE\\Core-Static\\amd64\\CLIStart.exe\" MSRun "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key "= "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "SunJavaUpdateSched "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "SysTrayApp "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\IDT\\WDM\\sttray64.exe "

==== Startup Folders ======================

skaler2k · 2016/04/03

Part5:
==== Startup Folders ======================

2015-05-06 00:16:06 0 ----a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForOnyx.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [06/16/2015 10:51 AM]
C:\Windows\tasks\Wise Care 365.job --a------ C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [03/24/2016 04:47 PM]
C:\Windows\tasks\Wise Turbo Checker.job --a------ C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [03/24/2016 04:47 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AMD Updater" [ "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForOnyx" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1459207036" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\Windows\SysNative\tasks\Wise Care 365" [C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe]
"C:\Windows\SysNative\tasks\Wise Turbo Checker" [C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\SysNative\tasks\AVAST Software\Avast upgrade utility" [C:\Program Files\Common Files\AV\avast Antivirus\upgrade.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nogdfjjfhknacchjpiccacoimeelkajb - No path found[]

Google Slides - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast SafePrice - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Docs Offline - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Onyx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pkaclsnffr-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Onyx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pkaclsnffr-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adv.rubigame.com_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adv.rubigame.com_0.localstorage-journal deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adx.openadserve.com_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adx.openadserve.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page "= "http://xfinity.com/ "

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page "= "http://xfinity.com/ "

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope "= "{0633EE93-D776-472f-A0FF-E1416B8B2E3A} "
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope "= "{0633EE93-D776-472f-A0FF-E1416B8B2E3A} "
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope "= "{0633EE93-D776-472f-A0FF-E1416B8B2E3A} "
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable "=dword:00000000

Value(s) after fix:
"ProxyEnable "=dword:00000000

==== Uninstall List x64 ======================

Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
Adobe Flash Player 15 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Flash Player 21 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Shockwave Player 12.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
AMD Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20AE3A4E-38CA-C6F8-4E60-5DF41A2CC0AC}]
AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}]
AMD Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4FCD3BAD-1B72-1676-DFB4-0B4DCE679404}]
AMD Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager]
AMD Settings - Branding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{78ACE60E-0CB7-4935-BCD4-F33422105607}]
AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}]
Avast Free Antivirus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avast]
Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}]
Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9114BDDB-A6A6-152D-060A-E99307057AD1}]
Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}]
CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{703F229F-573E-10E7-3B44-341DB59AD86B}]
CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{489E5436-B101-CAD9-5571-14746675ECE3}]
CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}]
CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}]
CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{504819D1-3C0A-2695-0007-BBDFA5936D68}]
CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C495748-5F03-0B97-568B-76D0368FB460}]
CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D9CBA021-DB41-9736-923F-52E3E426912D}]
CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}]
CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}]
CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}]
CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}]
CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}]
CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}]
CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37DBC990-C514-3821-D6FB-12E0745AA990}]
CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{79E3071B-8A0C-C105-6442-CF611732601E}]
CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}]
CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}]
CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}]
CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}]
CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42A97797-A255-49F9-4250-D58A9CEA2904}]
CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{31BC0B51-0676-A531-3940-1818B609EEA7}]
CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}]
CPUID CPU-Z 1.75 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1]
CyberLink PowerDVD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}]
CyberLink PowerDVD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
ESU for Microsoft Windows 7 SP1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9945F35E-85EF-4759-A95C-2E10AA34EA58}]
Foxit Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Foxit Reader_is1]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BED0D2F3-7407-3B43-A48F-6C33BC3D5DAD}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
HP Customer Experience Enhancements [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}]
HP Support Solutions Framework [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2CB09C1-3C76-4395-BB47-50C066535CF8}]
Intel(R) Chipset Device Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}]
Intel(R) Chipset Device Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{fb610cea-ba50-4d4b-a717-cf025419035c}]
Intel(R) Driver Update Utility 2.4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1766DD04-5D4D-40BC-953A-D80624BCC063}]
Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}]
Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2306F93-60AC-4401-B600-453376E771EC}]
Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC5AEDF6-DCDB-499A-8A72-AB67388766AA}]
Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE51B16C-A025-418A-A5D6-07D93B643AFB}]
Intel(R) ME UninstallLegacy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1B93BF9-9874-4920-8FED-D5CA2FBDE2BB}]
Intel(R) PRO/Wireless Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5196a382-da27-431b-9231-ba49c098fe28}]
Intel(R) Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Intel(R) Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{409CB30E-E457-4008-9B1A-ED1B9EA21140}]
Intel(R) Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9E9C290F-18E8-412D-B4F2-6CD6B45E47C0}]
Intel(R) SDK for OpenCL - CPU Only Runtime Package [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}]
Intelr Driver Update Utility [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}]
Intelr PROSet/Wireless Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}]
Intelr PROSet/Wireless WiFi Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1C03A416-D8D5-42F6-87CE-4874A383EBEB}]
Intelr Trusted Connect Service Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1B444AF9-1DBE-4884-8F35-969BEFCF69A8}]
Java 8 Update 73 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218073F0}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}]
Malwarebytes Anti-Malware version 2.2.1.1043 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 4.6.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft .NET Framework 4.6.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}]
Microsoft Office Professional Plus 2007 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PROPLUS]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15134cb0-b767-4960-a911-f2d16ae54797}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}]
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}]
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}]
MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}]
Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}]
Renesas Electronics USB 3.0 Host Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5442DAB8-7177-49E1-8B22-09A049EA5996}]
Renesas Electronics USB 3.0 Host Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}]
SafeZone Stable 1.48.2066.95 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SafeZone 1.48.2066.95]
swMSM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
Synaptics TouchPad Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey]
VLC media player [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
Windows 7 Upgrade Advisor [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{66B5819D-DE70-42BE-B40F-978FBA12452E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE52672C-A0E9-4450-8875-88A221D5CD50}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{659CB81C-B54E-4DF1-B618-F35777393A54}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{25058321-C33E-496B-8915-6FD64D362CAF}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1893000-EA77-493C-8DDD-E262436E959B}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6522F5F9-411B-4513-A75B-CEA00395F032}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{714E162E-CD4F-4F1B-8302-7F5179409C25}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}]
Wise Care 365 4.11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Care 365_is1]

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberLink Product - 2016/03/26 20:41:44 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Onyx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Onyx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\86wwk4r1.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Onyx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=53 folders=27 113672581 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Onyx\AppData\Local\Temp will be emptied at reboot
C:\Users\Owner\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Onyx\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 04/02/2016 at 17:01:24.32 ======================

skaler2k · 2016/04/03

Evan,
Note that I repeated the last line or two so you could see the continuity of the parts.
Last night, I updated the audio driver for my Audio Controller-IDT High DEF Audio CODEC.
I now get the windows opening chime at the same time as the windows desktop screen appears. However, the screen still takes about 65 to 70 seconds to appear after the welcome screen.
I'll see what I can do about taking the screen shot and publishing it on the imgur website.
I've heard of imgur, but haven't a clue about what it is.

skaler2k · 2016/04/03

Evan,
I took a screenshot and saved it via Paint to my photos folder, but got lost on the imgur website. So, I attached it as a png file here in this posting. I see that the file is 161KB and the max permitted is 250KB, so I'm hoping this will do.

Log in or Sign up

Resolved Problems with booting into Windows 7

lj50 SuperGeek WindowsBBS Team Member

skaler2k Well-Known Member Thread Starter

lj50 SuperGeek WindowsBBS Team Member

skaler2k Well-Known Member Thread Starter

Evan Omo Computer Support Technician Staff

skaler2k Well-Known Member Thread Starter

Attached Files:

JRT.txt

Malwarebytes.txt

MTB.txt

securitychk.txt

skaler2k Well-Known Member Thread Starter

Evan Omo Computer Support Technician Staff

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

Evan Omo Computer Support Technician Staff

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

Attached Files:

autorun.jpg

Share This Page

Log in or Sign up

Resolved Problems with booting into Windows 7

lj50 SuperGeek WindowsBBS Team Member

skaler2k Well-Known Member Thread Starter

lj50 SuperGeek WindowsBBS Team Member

skaler2k Well-Known Member Thread Starter

Evan Omo Computer Support Technician Staff

skaler2k Well-Known Member Thread Starter

Attached Files:

JRT.txt

Malwarebytes.txt

MTB.txt

securitychk.txt

skaler2k Well-Known Member Thread Starter

Evan Omo Computer Support Technician Staff

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

Evan Omo Computer Support Technician Staff

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

skaler2k Well-Known Member Thread Starter

Attached Files:

autorun.jpg

Share This Page

Useful Searches