Solved Cryptowall 3.0 on W8

Neal Young · May 8, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 8.1 x64
Ran by Neal on Fri 05/08/2015 at 16:29:41.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-36197621-1084692692-4235269178-500
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-1002
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-1004
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-500
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4250707222-1270404456-2452588184-500

~~~ Registry Values

BluetoothManager REG_EXPAND_SZ rundll32.exe %appdata%\Microsoft\bstack.dll,bs_init
Value Name Type Value Data
========================================================================================
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/08/2015 at 16:34:09.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Neal Young · May 8, 2015

Okay. I think I have completed everything so far. I will check back in a few hours- honeydew list.... Thanks very very much! -neal

Broni · May 8, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Neal Young · May 8, 2015

Here is the frst.txt (The addition,txt did not generate this time...???)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Neal (administrator) on HOMESCHOOL1 on 08-05-2015 17:04:27
Running from C:\Users\Neal\Desktop
Loaded Profiles: Neal (Available profiles: Neal & Sean & Noelle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2014-08-18] (Apple Computer, Inc.)
HKU\S-1-5-21-4105420370-3369507210-3028615837-1002\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-4105420370-3369507210-3028615837-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-4105420370-3369507210-3028615837-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {72A94EC8-3F90-47F1-9886-E2A151F94BD1} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {72A94EC8-3F90-47F1-9886-E2A151F94BD1} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4105420370-3369507210-3028615837-1002 -> {72A94EC8-3F90-47F1-9886-E2A151F94BD1} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4105420370-3369507210-3028615837-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\hjieooub.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
S2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-08] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 16:34 - 2015-05-08 16:34 - 00001607 _____ () C:\Users\Neal\Desktop\JRT.txt
2015-05-08 16:32 - 2015-05-08 16:50 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-1002
2015-05-08 16:30 - 2015-05-08 16:30 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-HOMESCHOOL1-Windows-8.1-(64-bit).dat
2015-05-08 16:29 - 2015-05-08 16:29 - 00000000 ____D () C:\RegBackup
2015-05-08 16:29 - 2015-05-08 16:26 - 02716843 _____ (Thisisu) C:\Users\Neal\Desktop\JRT.exe
2015-05-08 16:24 - 2015-05-08 16:26 - 00000000 ____D () C:\AdwCleaner
2015-05-08 16:23 - 2015-05-08 15:49 - 02204160 _____ () C:\Users\Neal\Desktop\adwcleaner_4.203.exe
2015-05-08 15:21 - 2015-05-08 16:22 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 15:21 - 2015-05-08 15:21 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 15:21 - 2015-05-08 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 15:21 - 2015-05-08 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-08 15:21 - 2015-05-08 15:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-08 15:21 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-08 15:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-08 15:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-08 15:20 - 2015-05-08 15:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Neal\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-08 15:07 - 2015-05-08 15:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-08 15:07 - 2015-05-08 15:07 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-08 15:06 - 2015-05-08 15:05 - 16937048 _____ () C:\Users\Neal\Desktop\RogueKiller.exe
2015-05-08 14:47 - 2015-05-08 14:49 - 00008068 _____ () C:\Users\Neal\Desktop\ESETPoweliksCleaner.exe_20150508.144750.2644.log
2015-05-08 14:47 - 2015-05-08 14:47 - 00000022 _____ () C:\Users\Neal\Desktop\ESETPoweliksCleaner.exe_20150508.144750.2644.zip
2015-05-08 14:47 - 2015-05-08 14:46 - 00221384 _____ (ESET) C:\Users\Neal\Desktop\ESETPoweliksCleaner.exe
2015-05-08 13:32 - 2015-05-08 13:51 - 00042640 _____ () C:\Users\Neal\Desktop\Addition.txt
2015-05-08 12:55 - 2015-05-08 17:04 - 00008565 _____ () C:\Users\Neal\Desktop\FRST.txt
2015-05-08 12:54 - 2015-05-08 12:49 - 02102272 _____ (Farbar) C:\Users\Neal\Desktop\FRST64.exe
2015-05-08 12:49 - 2015-05-08 12:53 - 00000000 ____D () C:\Users\Neal\AppData\Roaming\Local Store
2015-05-08 12:45 - 2015-05-08 12:49 - 02102272 _____ (Farbar) C:\Users\Neal\Downloads\FRST64.exe
2015-05-08 12:40 - 2015-05-08 12:40 - 01141248 _____ (Farbar) C:\Users\Neal\Downloads\FRST.exe
2015-05-08 11:48 - 2015-05-08 11:48 - 00000288 _____ () C:\Users\Neal\Desktop\test.txt
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\HP
2015-05-07 15:19 - 2015-05-08 17:04 - 00000000 ____D () C:\FRST
2015-05-07 14:06 - 2015-05-07 14:06 - 00000000 ____D () C:\WINDOWS\pss
2015-05-05 02:17 - 2015-05-07 15:53 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-04 22:12 - 2015-05-04 22:12 - 00000000 ____D () C:\Users\Noelle\Documents\julius caesar
2015-04-17 09:45 - 2015-04-17 09:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 19:50 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 19:50 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 19:50 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 19:50 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 19:50 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 19:50 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 19:50 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 19:50 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 19:50 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 19:50 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 19:50 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 19:50 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 19:50 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 19:50 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 19:50 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 19:50 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 19:50 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 19:50 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 19:50 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 19:50 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 19:50 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 19:50 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 19:49 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 19:49 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 19:49 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 19:49 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 19:49 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 19:49 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 19:49 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 19:49 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 19:49 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 19:49 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 19:49 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 19:49 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 19:49 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 19:49 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 19:49 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 19:49 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 19:49 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 19:49 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 19:49 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 19:49 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 19:49 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 19:49 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 19:49 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 19:49 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 19:49 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 19:49 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 19:49 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 19:49 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 19:49 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 19:49 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 19:49 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 19:49 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 19:49 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 19:49 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 19:49 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 19:49 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 19:49 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 19:49 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 19:49 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 19:49 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 19:49 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 19:49 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 19:49 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 19:49 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 19:49 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 19:49 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 19:49 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 19:49 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 19:49 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-08 12:05 - 2015-04-08 12:06 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-08 12:05 - 2015-04-08 12:05 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-08 16:27 - 2014-09-11 17:08 - 00000000 __RDO () C:\Users\Neal\OneDrive
2015-05-08 16:27 - 2014-03-18 04:54 - 00058356 _____ () C:\WINDOWS\PFRO.log
2015-05-08 16:27 - 2013-08-22 09:46 - 00424646 _____ () C:\WINDOWS\setupact.log
2015-05-08 16:27 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-08 16:27 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-08 15:09 - 2014-03-18 05:03 - 00956480 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-08 14:33 - 2014-09-11 16:28 - 00000000 ____D () C:\Users\Neal
2015-05-08 11:55 - 2014-08-18 12:57 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E6DB391A-67E2-49DF-ADDD-A578345A07FB}
2015-05-08 09:17 - 2014-09-11 16:13 - 01818681 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-08 08:48 - 2014-09-11 16:28 - 00000000 ____D () C:\Users\Noelle
2015-05-08 08:48 - 2014-09-11 16:28 - 00000000 ____D () C:\Users\Administrator
2015-05-08 08:48 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Default
2015-05-07 15:54 - 2014-12-22 20:58 - 00000000 ____D () C:\Users\Neal\Documents\CyberLink
2015-05-07 15:54 - 2014-11-05 14:25 - 00000000 ____D () C:\Users\Neal\Desktop\noelle
2015-05-07 15:54 - 2014-09-30 15:50 - 00000000 ____D () C:\Users\Neal\Desktop\Master bath
2015-05-07 15:54 - 2014-09-27 08:39 - 00000000 ____D () C:\Users\Neal\Desktop\RN Liscense
2015-05-07 15:54 - 2014-09-13 14:40 - 00000000 ____D () C:\Users\Neal\Desktop\Hurst Review
2015-05-07 15:54 - 2014-09-03 08:33 - 00000000 ____D () C:\Users\Neal\Desktop\STVE
2015-05-07 15:54 - 2014-08-18 01:43 - 00000000 ____D () C:\Users\Neal\Desktop\General Sciencev2-MP3
2015-05-07 15:54 - 2014-08-18 00:52 - 00000000 ____D () C:\Users\Neal\.javaws
2015-05-07 15:53 - 2014-09-11 19:09 - 00000000 __SHD () C:\Recovery
2015-05-07 15:53 - 2014-09-11 16:17 - 00000000 ____D () C:\ProgramData\AMD
2015-05-07 15:53 - 2014-09-11 16:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-07 15:53 - 2014-09-08 07:29 - 00000000 ____D () C:\ProgramData\lx_Cats
2015-05-07 15:53 - 2014-08-18 20:50 - 00000000 ____D () C:\ProgramData\QuickTime
2015-05-07 15:53 - 2014-08-18 13:14 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-07 15:53 - 2014-07-11 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-07 15:53 - 2014-07-11 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-07 15:53 - 2014-07-11 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD
2015-05-07 15:53 - 2014-07-11 14:35 - 00000000 ____D () C:\ProgramData\ATI
2015-05-07 15:53 - 2014-07-11 14:24 - 00000000 ____D () C:\ProgramData\Norton
2015-05-07 15:53 - 2014-07-11 14:16 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-07 15:53 - 2014-07-11 14:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Downloaded Installations
2015-05-07 15:53 - 2014-07-11 13:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Synaptics
2015-05-07 15:53 - 2014-07-11 13:56 - 00000000 ____D () C:\ProgramData\Synaptics
2015-05-07 15:53 - 2014-07-11 13:53 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2015-05-07 15:53 - 2014-07-11 13:52 - 00000000 ____D () C:\ProgramData\Apple
2015-05-07 15:53 - 2012-10-29 21:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\FFSJ
2015-05-07 15:53 - 2012-10-29 21:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Hewlett-Packard
2015-05-07 15:53 - 2012-10-29 21:16 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-07 15:53 - 2012-10-29 21:10 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-07 15:53 - 2012-10-29 21:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Windows Live
2015-05-07 15:53 - 2012-10-29 21:06 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2015-05-07 15:53 - 2012-10-29 20:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\hpqLog
2015-05-07 15:53 - 2012-10-29 20:58 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-07 15:53 - 2012-10-29 20:55 - 00000000 ___HD () C:\Users\Administrator\Documents\hp.system.package.metadata
2015-05-07 15:53 - 2012-08-03 19:02 - 00000000 __RHD () C:\SYSTEM.SAV
2015-05-07 15:53 - 2012-08-03 19:02 - 00000000 ____D () C:\SWSetup
2015-05-07 15:53 - 2012-08-03 17:29 - 00000000 ____D () C:\ProgramData\PRICache
2015-05-07 15:53 - 2012-08-03 17:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-05-07 15:52 - 2014-09-11 18:59 - 00000000 ____D () C:\inetpub
2015-05-07 15:52 - 2014-09-11 16:12 - 00000000 ____D () C:\AMD
2015-05-07 15:52 - 2014-08-18 14:51 - 00000000 ___HD () C:\$SysReset
2015-05-07 13:54 - 2012-10-29 21:07 - 00000000 ___RD () C:\Users\Administrator\SkyDrive
2015-05-07 13:25 - 2014-09-08 19:54 - 00007332 _____ () C:\Users\Neal\Desktop\double barn doors.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:47 - 00009396 _____ () C:\Users\Neal\Desktop\tile size.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:45 - 00005972 _____ () C:\Users\Neal\Desktop\barn door.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:38 - 00006772 _____ () C:\Users\Neal\Desktop\imagesCAVYFP72.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:35 - 00009460 _____ () C:\Users\Neal\Desktop\imagesCA7CH076.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:30 - 00007556 _____ () C:\Users\Neal\Desktop\imagesCASKJVS5.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:22 - 00008660 _____ () C:\Users\Neal\Desktop\stone shower.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:19 - 00072372 _____ () C:\Users\Neal\Desktop\Nice-Rustic-Wooden-Look-in-Western-Style-Bathroom-Interior.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:14 - 00021940 _____ () C:\Users\Neal\Desktop\stoneshowers3.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:13 - 00126212 _____ () C:\Users\Neal\Desktop\shower-designs_stone.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:11 - 00145892 _____ () C:\Users\Neal\Desktop\bathroom-natural-cream-small-bathroom-renovation-idea-with-cream-stone-wall-colorful-border-and-shower-nice-small-bathroom-renovation-ideas-972x650.jpg.ezz
2015-05-07 13:25 - 2014-09-08 19:06 - 00042676 _____ () C:\Users\Neal\Desktop\thumb4_wlshower.jpg.ezz
2015-05-07 13:25 - 2014-08-17 23:39 - 10782340 _____ () C:\Users\Neal\Documents\9781616251185_ApologiaExploringCreationWithG.pdf.ezz
2015-05-07 13:25 - 2014-08-17 23:35 - 24867156 _____ () C:\Users\Neal\Desktop\9781616251345_ApologiaExploringCreationWithB.pdf.ezz
2015-05-07 13:25 - 2014-08-17 21:22 - 10782340 _____ () C:\Users\Neal\Desktop\9781616251185_ApologiaExploringCreationWithG.pdf.ezz
2015-05-07 13:25 - 2014-07-11 16:24 - 01440996 _____ () C:\Users\Neal\Desktop\CRCS Handbook.pdf.ezz
2015-05-07 12:47 - 2015-01-09 01:59 - 00000000 ___RD () C:\Users\Noelle\OneDrive
2015-05-07 01:07 - 2015-01-09 01:55 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C556DA80-233A-4939-81B7-D4F612CB4826}
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 14:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 14:31 - 2012-10-29 20:58 - 00000000 ____D () C:\ProgramData\Temp
2015-05-05 14:22 - 2014-09-13 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-05 14:22 - 2014-09-11 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-05 14:22 - 2014-08-18 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-05 14:22 - 2014-08-18 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Web Start
2015-05-05 14:22 - 2014-08-18 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone
2015-05-05 14:22 - 2014-08-18 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TT Algebra 1
2015-05-05 14:22 - 2014-08-18 12:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-05-05 14:22 - 2014-07-11 14:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-05-05 14:22 - 2014-07-11 14:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-05-05 14:22 - 2014-03-18 04:45 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-05-05 14:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-05 14:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 14:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-05 14:22 - 2013-08-22 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 14:22 - 2012-10-29 21:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-05 14:22 - 2012-10-29 21:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-05-05 14:22 - 2012-10-29 21:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-05-05 14:21 - 2014-09-11 16:28 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-05 14:21 - 2014-09-11 16:28 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 14:21 - 2014-09-11 16:28 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-05 14:21 - 2014-09-11 16:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 14:21 - 2012-08-03 17:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2015-05-05 14:18 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-05 14:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-05 14:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-05 14:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-05 14:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-05 14:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-05 14:17 - 2014-09-11 16:12 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-05-05 14:17 - 2014-07-11 13:52 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-05 14:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-05-05 14:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-05 14:17 - 2012-09-18 21:56 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-05-05 02:16 - 2012-10-29 21:16 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-05-04 15:46 - 2014-08-15 09:06 - 00000000 ____D () C:\Users\Public\Documents\TT Algebra 1
2015-05-03 15:12 - 2015-03-16 12:27 - 00000000 ____D () C:\Users\Noelle\AppData\Roaming\Mozilla
2015-05-03 15:12 - 2015-01-21 13:05 - 00000000 ____D () C:\Users\Noelle\Documents\CyberLink
2015-05-03 15:12 - 2015-01-09 01:57 - 00000000 ____D () C:\Users\Noelle\AppData\Local\AMD
2015-05-03 15:12 - 2015-01-09 01:55 - 00000000 ____D () C:\Users\Noelle\AppData\Roaming\Adobe
2015-05-03 15:10 - 2014-08-18 13:15 - 00000000 ____D () C:\Users\Neal\AppData\Roaming\Mozilla
2015-05-03 15:10 - 2014-08-18 13:00 - 00000000 ____D () C:\Users\Neal\AppData\Local\AMD
2015-05-03 15:10 - 2014-08-18 12:58 - 00000000 ____D () C:\Users\Neal\AppData\Roaming\Hewlett-Packard
2015-05-03 15:10 - 2014-08-18 12:56 - 00000000 ____D () C:\Users\Neal\AppData\Roaming\Adobe
2015-05-03 15:10 - 2014-08-18 12:53 - 00000000 ____D () C:\Users\Neal\AppData\Local\Power2Go8
2015-04-20 13:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-18 20:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-17 09:45 - 2015-03-29 21:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 20:35 - 2014-08-23 00:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 20:33 - 2014-08-23 00:19 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 20:33 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

Some content of TEMP:
====================
C:\Users\Neal\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Neal\AppData\Local\Temp\Quarantine.exe
C:\Users\Neal\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-08 14:59

==================== End Of Log ============================

Neal Young · May 8, 2015

Should I check the radio box by 'addition' and rescan?

Broni · May 8, 2015

Re-run FRST...
Make sure you checkmark Addition.txt box.

Neal Young · May 8, 2015

Since it told me a scan can not hurt anything.... I ran it before I remembered your instructions at the beginning of this... Gosh I hope this did not do anything negative.

So, anyway, here is the output of that:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Neal at 2015-05-08 17:19:55
Running from C:\Users\Neal\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4105420370-3369507210-3028615837-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-4105420370-3369507210-3028615837-501 - Limited - Disabled)
Neal (S-1-5-21-4105420370-3369507210-3028615837-1002 - Administrator - Enabled) => C:\Users\Neal
Noelle (S-1-5-21-4105420370-3369507210-3028615837-1004 - Limited - Enabled) => C:\Users\Noelle
Sean (S-1-5-21-4105420370-3369507210-3028615837-1003 - Limited - Enabled) => C:\Users\Sean

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Algebra 1 Teaching Textbook (HKLM-x32\...\Algebra 1 Teaching Textbook) (Version: - Teaching Textbooks Inc.)
AMD Catalyst Install Manager (HKLM\...\{3CEC10BE-CD7C-8E99-E3AC-DD31F4416C1C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{23C74C03-680C-455D-933F-5BC8683CAE52}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Java 2 Runtime Environment, SE v1.4.1_02 (HKLM-x32\...\{EFCE5837-FC21-11D6-9D24-00010240CE95}) (Version: - )
Java Web Start (HKLM-x32\...\Java Web Start) (Version: - )
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Student Management System (HKLM-x32\...\Student Management System) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Rosetta Stone (HKLM-x32\...\The Rosetta Stone) (Version: - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06EAB617-28D2-4B01-B359-FC14AEDB75DE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {1FD9D182-D027-48BA-8522-0E8CD62C4B1A} - \Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-1004 No Task File <==== ATTENTION
Task: {2329F338-363A-4F6B-B9D5-5992F19F4EA1} - \Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-500 No Task File <==== ATTENTION
Task: {238CA5C8-F07E-4F6A-A548-45499010B7A7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {71F80F89-232A-4966-855C-6FE0FB2E1956} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {843F5273-3392-4FFC-A015-0DA84847EF55} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {C43512FA-BE5A-4012-A14F-BA2B34634288} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {D40E2186-25E0-4499-BFE4-C994389C4EDF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {E6B5E745-C45E-4784-B9EE-70FE7C70454E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {F3799BF6-D57F-47B0-B8B0-717104309832} - System32\Tasks\{B4B196E5-6F81-42F7-9583-FFE3E9689CDE} => pcalua.exe -a E:\autorun.exe -d E:\

==================== Loaded Modules (whitelisted) ==============

2014-09-08 07:29 - 2009-11-04 13:18 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxeedrpp.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Neal\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Noelle\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4105420370-3369507210-3028615837-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EB40A931-D85B-4CCA-B3D4-C1A8C51FD92D}] => (Allow) C:\Windows\system32\lxeecoms.exe
FirewallRules: [{5A5CF6C9-6FB3-4CF7-A892-0DB4543C3058}] => (Block) C:\windows\syswow64\java.exe
FirewallRules: [{5D8777C7-815F-459B-9D56-2EF931A5D0ED}] => (Block) C:\windows\syswow64\java.exe
FirewallRules: [UDP Query User{665BB536-0130-4C51-B5B1-1926C4D4DE97}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [TCP Query User{ABC0D633-705D-4D01-A6A6-8B3468C3C741}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [{BCE893FD-2BA3-4A07-B47D-ADCEA98A6491}] => (Allow) LPort=52000
FirewallRules: [{1E0D5EFE-D8C3-4139-AE6E-CB833453E3CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9E086A13-706A-4014-B1B0-36070A8A5AA6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A6EA8DB4-9C8A-4048-BB3F-1DAAAE352B02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0ADE7D14-E0FA-4290-978B-32F65B660588}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE6B40FC-707E-4F2E-90F8-AB1335156BC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D7B6C92-A706-4DA9-AD8C-0EAC8E7D30AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{853DA728-1141-4D89-A895-B7F4DEB5B004}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5BA0062D-F4B2-4D7F-97C3-9CAED76EC3E8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{48C8B771-AE46-44F6-B014-46CAC123D294}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{9E825020-25E9-4D5A-A7A6-992E2F31866D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{2665AFA2-B5CE-4E26-8932-86A7D3F664C4}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{DD21F78F-AF64-47E1-AACD-D58499719F1E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{FD5EC627-F3BD-4CC8-920D-45F47DE678B7}] => (Allow) LPort=1900
FirewallRules: [{9835CC22-556D-4430-8243-EE8C26B97658}] => (Allow) LPort=2869
FirewallRules: [{CCF723D3-CB8D-4493-82CA-1AF295CE1A00}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1A0F3415-E39D-4108-99E4-18767F6B3C02}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{96116EB1-F1C1-46B5-94A7-1CBC1542D2A7}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{A50AE27D-B959-4457-84B1-A157E463B340}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{FDFC7B1A-BB6F-4915-A551-05CC330D201E}] => (Allow) LPort=53000

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 05:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPConnectedRemoteService.exe, version: 1.0.1218.0, time stamp: 0x5078a573
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xa5c
Faulting application start time: 0xHPConnectedRemoteService.exe0
Faulting application path: HPConnectedRemoteService.exe1
Faulting module path: HPConnectedRemoteService.exe2
Report Id: HPConnectedRemoteService.exe3
Faulting package full name: HPConnectedRemoteService.exe4
Faulting package-relative application ID: HPConnectedRemoteService.exe5

Error: (05/08/2015 05:20:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPConnectedRemoteService.exe, version: 1.0.1218.0, time stamp: 0x5078a573
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xdf0
Faulting application start time: 0xHPConnectedRemoteService.exe0
Faulting application path: HPConnectedRemoteService.exe1
Faulting module path: HPConnectedRemoteService.exe2
Report Id: HPConnectedRemoteService.exe3
Faulting package full name: HPConnectedRemoteService.exe4
Faulting package-relative application ID: HPConnectedRemoteService.exe5

Error: (05/08/2015 05:19:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPConnectedRemoteService.exe, version: 1.0.1218.0, time stamp: 0x5078a573
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x155c
Faulting application start time: 0xHPConnectedRemoteService.exe0
Faulting application path: HPConnectedRemoteService.exe1
Faulting module path: HPConnectedRemoteService.exe2
Report Id: HPConnectedRemoteService.exe3
Faulting package full name: HPConnectedRemoteService.exe4
Faulting package-relative application ID: HPConnectedRemoteService.exe5

Error: (05/08/2015 05:19:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPConnectedRemoteService.exe, version: 1.0.1218.0, time stamp: 0x5078a573
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xac8
Faulting application start time: 0xHPConnectedRemoteService.exe0
Faulting application path: HPConnectedRemoteService.exe1
Faulting module path: HPConnectedRemoteService.exe2
Report Id: HPConnectedRemoteService.exe3
Faulting package full name: HPConnectedRemoteService.exe4
Faulting package-relative application ID: HPConnectedRemoteService.exe5

Error: (05/08/2015 05:19:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPConnectedRemoteService.exe, version: 1.0.1218.0, time stamp: 0x5078a573
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x175c
Faulting application start time: 0xHPConnectedRemoteService.exe0
Faulting application path: HPConnectedRemoteService.exe1
Faulting module path: HPConnectedRemoteService.exe2
Report Id: HPConnectedRemoteService.exe3
Faulting package full name: HPConnectedRemoteService.exe4
Faulting package-relative application ID: HPConnectedRemoteService.exe5

Error: (05/08/2015 05:19:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

System errors:
=============
Error: (05/08/2015 05:20:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 491 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 490 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 489 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 488 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 487 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 486 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 485 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 484 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 483 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/08/2015 05:19:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 482 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (05/08/2015 05:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPConnectedRemoteService.exe1.0.1218.05078a573KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9ca5c01d089dd20ce0fa0C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\WINDOWS\system32\KERNELBASE.dll5f1f1815-f5d0-11e4-becf-38eaa7dc590b

Error: (05/08/2015 05:20:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPConnectedRemoteService.exe1.0.1218.05078a573KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9cdf001d089dd1d250bf0C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\WINDOWS\system32\KERNELBASE.dll5b787ccb-f5d0-11e4-becf-38eaa7dc590b

Error: (05/08/2015 05:19:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPConnectedRemoteService.exe1.0.1218.05078a573KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c155c01d089dd1974e61fC:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\WINDOWS\system32\KERNELBASE.dll57cf7dc4-f5d0-11e4-becf-38eaa7dc590b

Error: (05/08/2015 05:19:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPConnectedRemoteService.exe1.0.1218.05078a573KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9cac801d089dd15c34125C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\WINDOWS\system32\KERNELBASE.dll541f58f6-f5d0-11e4-becf-38eaa7dc590b

Error: (05/08/2015 05:19:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/08/2015 05:19:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPConnectedRemoteService.exe1.0.1218.05078a573KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c175c01d089dd12131dc1C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\WINDOWS\system32\KERNELBASE.dll506db53b-f5d0-11e4-becf-38eaa7dc590b

Error: (05/08/2015 05:19:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
at SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean)
at SwitchBoard.SwitchBoardService.RunService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

CodeIntegrity Errors:
===================================
Date: 2015-05-07 01:07:46.241
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\recovery.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 3554.26 MB
Available physical RAM: 2649.55 MB
Total Pagefile: 4194.26 MB
Available Pagefile: 3233.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:565.37 GB) (Free:522.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:29.6 GB) (Free:3.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 4FBE1E19)

Partition: GPT Partition Type.

==================== End Of Log ============================

Broni · May 8, 2015

You did fine...hold on...

Broni · May 8, 2015

Is your Windows Defender on?

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Neal Young · May 8, 2015

Defender is off. It states an app disabled it...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Neal at 2015-05-08 17:37:57 Run:4
Running from C:\Users\Neal\Desktop
Loaded Profiles: Neal (Available profiles: Neal & Sean & Noelle & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Neal\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Neal\AppData\Local\Temp\Quarantine.exe
C:\Users\Neal\AppData\Local\Temp\sqlite3.dll
Task: {1FD9D182-D027-48BA-8522-0E8CD62C4B1A} - \Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-1004 No Task File <==== ATTENTION
Task: {2329F338-363A-4F6B-B9D5-5992F19F4EA1} - \Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-500 No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Neal\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Noelle\OneDrive:ms-properties

*****************

C:\Users\Neal\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Neal\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Neal\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FD9D182-D027-48BA-8522-0E8CD62C4B1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FD9D182-D027-48BA-8522-0E8CD62C4B1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-1004" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2329F338-363A-4F6B-B9D5-5992F19F4EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2329F338-363A-4F6B-B9D5-5992F19F4EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-4105420370-3369507210-3028615837-500" => Key deleted successfully.
"C:\Users\Neal\OneDrive" => ":ms-properties" ADS not found.
"C:\Users\Noelle\OneDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 17:37:58 ====

Broni · May 8, 2015

Turn Windows Defender on since I don't see any other AV program running.

Last scans....

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Neal Young · May 8, 2015

How to enable Windows Defender?

Security Check log:
Results of screen317's Security Check version 1.001
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 2 Runtime Environment, SE v1.4.1_02
Java version 32-bit out of Date!
Mozilla Firefox 32.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Broni · May 8, 2015

http://windows.microsoft.com/en-us/...on-off#turn-windows-defender-on-off=windows-7

Neal Young · May 8, 2015

It just keeps saying:
This app has been turned off and isn't monitoring your compute. If you're using another app to check for malicious or unwanted sw, use Security and Maintenance to check that app's status.

Neal Young · May 8, 2015

Farbar Service Scanner Version: 17-01-2015
Ran by Neal (administrator) on 08-05-2015 at 17:58:26
Running from "C:\Users\Neal\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Broni · May 8, 2015

Press Windows logo key

and start typing the following:
services.msc
Press Enter.

Services window will open.
Scroll down to Windows Defender Service, right click on it and under "Startup type" select "Automatic" from drop down menu.
Do the very same for Background Intelligent Transfer Service (BITS) service.

Restart computer, post fresh FSS log.

Neal Young · May 9, 2015

BITS si now set to Automatic startup.
Defender's Startup Type is ghosted (not available).
When I attempt to start it it says:
Windows could not start the WIndoes Defender Service on Local Computer.
Error 577: Windows cannot verify the dig signature for this file.

Neal Young · May 9, 2015

I will Restart and try again.

Neal Young · May 9, 2015

Error 577 again after reboot.

Broni · May 9, 2015

Something is interfering there.

Please post fresh FSS log.

Neal Young · May 10, 2015

Farbar Service Scanner Version: 17-01-2015
Ran by Neal (administrator) on 10-05-2015 at 06:39:08
Running from "C:\Users\Neal\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Broni · May 10, 2015

Press Windows logo key

and start typing the following:
services.msc
Press Enter.
Find Security Center service.
Right click on it, click "Properties" and under "Startup type select "Automatic" from drop down menu.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download WinDefend.reg
Double click on downloaded file and confirm the prompt.
Restart computer.
Post new FSS log.

Neal Young · May 10, 2015

Farbar Service Scanner Version: 17-01-2015
Ran by Neal (administrator) on 10-05-2015 at 16:33:00
Running from "C:\Users\Neal\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Broni · May 10, 2015

It looks better but we still have issue with Windows Defender.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

Go to Step 5 and under "System Restore" click on Create button:

Go to Repairs tab and click Open Repairs button.

In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Neal Young · May 11, 2015

Tweaking.com - Windows Repair v3.1.4
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: HOMESCHOOL1
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Neal
Current Profile SID: S-1-5-21-4105420370-3369507210-3028615837-1002
Current Profile Classes: S-1-5-21-4105420370-3369507210-3028615837-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Neal\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 15:41:37

Process Count: 52
Commit Total: 1.19 GB
Commit Limit: 4.10 GB
Commit Peak: 2.55 GB
Handle Count: 18939
Kernel Total: 311.18 MB
Kernel Paged: 230.15 MB
Kernel Non Paged: 81.03 MB
System Cache: 2.46 GB
Thread Count: 626
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.47 GB
Memory Used: 1.08 GB(31.2128%)
Memory Avail.: 2.39 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.47 GB
Memory Used: 791.90 MB(22.2803%)
Memory Avail.: 2.70 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (5/11/2015 8:11:41 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 84

01 - Reset Registry Permissions
Restore Windows 8 Default Registry Permissions
Start (5/11/2015 8:11:44 AM)

Decompressing & Updating Windows Permission File hkud.txt
Done, 0.55 seconds.

Decompressing & Updating Windows Permission File hkcu.txt
Done, 0.36 seconds.

Decompressing & Updating Windows Permission File hkcr.txt
Done, 1.47 seconds.

Decompressing & Updating Windows Permission File hklm.txt
Done, 3.47 seconds.

Running Repair Under System Account
Running Repair Under Current User Account
Done (5/11/2015 8:18:53 AM)

03 - Reset Service Permissions
Start (5/11/2015 8:18:53 AM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:19:03 AM)

04 - Register System Files
Start (5/11/2015 8:19:03 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:19:35 AM)

05 - Repair WMI
Start (5/11/2015 8:19:35 AM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
No Antivirus Products Reported.

Exporting AntiSpyware Info...
No AntiSpyware Products Reported.

Exporting 3rd Party Firewall Info...
No Firewall Products Reported.

Running Repair Under Current User Account
Done (5/11/2015 8:27:00 AM)

06 - Repair Windows Firewall
Start (5/11/2015 8:27:00 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:27:38 AM)

07 - Repair Internet Explorer
Start (5/11/2015 8:27:38 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:28:09 AM)

08 - Repair MDAC/MS Jet
Start (5/11/2015 8:28:09 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:28:19 AM)

09 - Repair Hosts File
Start (5/11/2015 8:28:19 AM)
Running Repair Under System Account
Done (5/11/2015 8:28:20 AM)

10 - Remove Policies Set By Infections
Start (5/11/2015 8:28:20 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:28:24 AM)

12 - Repair Icons
Start (5/11/2015 8:28:24 AM)
Running Repair Under Current User Account
Done (5/11/2015 8:28:25 AM)

13 - Repair Winsock & DNS Cache
Start (5/11/2015 8:28:25 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:28:38 AM)

15 - Repair Proxy Settings
Start (5/11/2015 8:28:38 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:28:40 AM)

17 - Repair Windows Updates
Start (5/11/2015 8:28:40 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (5/11/2015 8:29:11 AM)

18 - Repair CD/DVD Missing/Not Working
Start (5/11/2015 8:29:12 AM)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (5/11/2015 8:29:12 AM)

19 - Repair Volume Shadow Copy Service
Start (5/11/2015 8:29:12 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:33 AM)

21 - Repair MSI (Windows Installer)
Start (5/11/2015 8:29:33 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:44 AM)

23.01 - Repair bat Association
Start (5/11/2015 8:29:44 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:46 AM)

23.02 - Repair cmd Association
Start (5/11/2015 8:29:46 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:48 AM)

23.03 - Repair com Association
Start (5/11/2015 8:29:48 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:50 AM)

23.04 - Repair Directory Association
Start (5/11/2015 8:29:50 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:52 AM)

23.05 - Repair Drive Association
Start (5/11/2015 8:29:52 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:55 AM)

23.06 - Repair exe Association
Start (5/11/2015 8:29:55 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:57 AM)

23.07 - Repair Folder Association
Start (5/11/2015 8:29:57 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:29:59 AM)

23.08 - Repair inf Association
Start (5/11/2015 8:29:59 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:01 AM)

23.09 - Repair lnk (Shortcuts) Association
Start (5/11/2015 8:30:01 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:04 AM)

23.10 - Repair msc Association
Start (5/11/2015 8:30:04 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:06 AM)

23.11 - Repair reg Association
Start (5/11/2015 8:30:06 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:08 AM)

23.12 - Repair scr Association
Start (5/11/2015 8:30:08 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:10 AM)

24 - Repair Windows Safe Mode
Start (5/11/2015 8:30:10 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:13 AM)

25 - Repair Print Spooler
Start (5/11/2015 8:30:13 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:27 AM)

26 - Restore Important Windows Services
Start (5/11/2015 8:30:27 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:36 AM)

27 - Set Windows Services To Default Startup
Start (5/11/2015 8:30:36 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 8:30:41 AM)

28.01 - Repair Windows 8 App Store
Start (5/11/2015 8:30:41 AM)

Decompressing & Updating Windows Permission File hkcu.txt
Done, 0.25 seconds.

Running Repair Under Current User Account
Done (5/11/2015 8:32:07 AM)

29 - Repair Windows 8 Component Store
Start (5/11/2015 8:32:07 AM)
Running Repair Under Current User Account
Done (5/11/2015 9:26:28 AM)

30 - Restore Windows 8 COM+ Unmarshalers
Start (5/11/2015 9:26:28 AM)
Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.

Done (5/11/2015 9:26:30 AM)

31 - Repair Windows 'New' Submenu
Start (5/11/2015 9:26:31 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/11/2015 9:26:33 AM)

33 - Repair Performance Counters
Start (5/11/2015 9:26:33 AM)
Running Repair Under Current User Account
Done (5/11/2015 9:26:52 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (5/11/2015 9:26:53 AM)
Total Repair Time: 01:15:13

...YOU MUST RESTART YOUR SYSTEM...

Solved Cryptowall 3.0 on W8

Posts: 38 +0

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Posts: 56,041 +516

Posts: 56,041 +516

Attachments

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Posts: 38 +0

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Posts: 56,041 +516

Posts: 38 +0

Similar threads