Nathanthwaites

Oh sorry I got annoyed and put the laptop back to factory settings so it is now Windows 7 but is still not working right keeps crashing with a blue screen saying it had to close to aviod damaging the computer

onal scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016 Ran by emma davidson (2016-08-01 11:07:15) Running from C:\Users\emma davidson\AppData\Local\Temp\qd2sb22f.tmp Windows 7 Home Premium Service Pack 1 (X64) (2016-07-30 13:15:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4073922747-2697754513-844342624-500 - Administrator - Disabled) emma davidson (S-1-5-21-4073922747-2697754513-844342624-1002 - Administrator - Enabled) => C:\Users\emma davidson Guest (S-1-5-21-4073922747-2697754513-844342624-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-4073922747-2697754513-844342624-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\uTorrent) (Version: 3.4.8.42445 - BitTorrent Inc.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.) Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.4.0 - IObit) AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.3.1.30415 - Avira Operations GmbH & Co. KG) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.5.5.2425 - Avira Operations GmbH & Co. KG) BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Hola™ 1.15.82 - Better Internet (HKLM\...\Hola) (Version: 1.15.82 - Hola Networks Ltd.) <==== ATTENTION Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company) HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}) (Version: 4.5.1.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.125 - IObit) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.1.5 - PandoraTV) Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.1.0.28 - Symantec Corporation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.) Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04495670-04D4-47BC-9154-BB7D62A06C82} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-07-14] (Avira Operations GmbH & Co. KG) Task: {06E8F76D-B5E2-41A9-9A99-3086352C5C77} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {19D1F29B-C816-4751-95F4-35A7D92E496B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-10] (Hewlett-Packard Company) Task: {2831A794-3124-415B-A575-2C8EC3CA3A16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {40CDD0F7-159E-4964-BC50-A6342C0DD9EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company) Task: {5D73B828-797F-4F91-90FA-7E67F01989D9} - System32\Tasks\HPCeeScheduleForemma davidson => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {60C2B9B7-65CB-43CA-B687-433CC0FFE38D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-30] (Adobe Systems Incorporated) Task: {643757D4-B977-4D40-8028-0B7DC45E6F5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd) Task: {6679D3EE-7942-48C1-8402-429AAC2CD1D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {6DD7FB9D-F99B-4023-9915-ED11BC6DE2FF} - System32\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {70AA37F9-FE65-445B-9A78-96BFBEA07A55} - System32\Tasks\ASC9_SkipUac_emma davidson => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-07-28] (IObit) Task: {764C3A50-0FCD-4848-842E-FDABF2931E89} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) Task: {86A8D7F7-97A8-4F1D-A96E-597DDC456B31} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation) Task: {974C44FB-8DA6-4BD2-BA63-52FEFDF5ED4C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation) Task: {9A25E3E3-392C-4040-A8E6-D3C56613EF7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company) Task: {A04468BA-B334-4A79-AD41-E97F3661972C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.) Task: {A661E554-F01A-452E-A575-A256A054E4FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.) Task: {CCCD1F31-46D4-400A-A224-8B6E058A98DF} - System32\Tasks\Uninstaller_SkipUac_emma_davidson => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit) Task: {D642F638-2F33-48EB-8082-0DBDCA450173} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) Task: {EAEA1213-781C-49EB-AEAA-03C58FB8F4FB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation) Task: {EBCC3DFE-1600-40E8-AEE7-BA3297473397} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-29] () Task: {F14F8C01-7D35-470E-916F-867F96029520} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink) Task: {FE829B80-C227-42DB-AA9B-C9BD630F9A52} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-07-20] (IObit) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForemma davidson.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-09-28 14:19 - 2011-09-28 14:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2011-09-30 18:40 - 2011-09-30 18:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe 2011-09-28 14:19 - 2011-09-28 14:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-09-28 14:06 - 2011-09-28 14:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-06-17 21:42 - 2011-06-17 21:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2016-07-30 16:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-07-30 16:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-07-30 16:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-07-30 16:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-07-30 16:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2016-07-30 16:20 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2016-07-30 16:20 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2016-07-30 16:20 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl 2016-07-30 16:20 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2016-07-30 16:20 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2016-07-30 16:20 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2016-07-30 16:20 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2012-03-07 19:15 - 2012-03-07 19:15 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll 2012-03-07 19:15 - 2012-03-07 19:15 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll 2016-07-30 15:42 - 2016-06-28 09:23 - 01665024 _____ () C:\Program Files\Hola\app\chromium\49.0.2623.110\libglesv2.dll 2016-07-30 15:42 - 2016-06-28 09:23 - 00074752 _____ () C:\Program Files\Hola\app\chromium\49.0.2623.110\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\hola.org -> hxxp://hola.org ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4073922747-2697754513-844342624-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: GamesAppService => 3 MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{CD8B3301-C5E8-4319-8E9F-C73CCF354698}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AE0995DA-699D-4BE0-A7A0-E82020B5A25F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{CB7CD860-C4B1-4657-8280-9CA7C4A3B131}] => (Allow) LPort=2869 FirewallRules: [{B94A7292-BCF5-4935-A648-AD9D6A09A6F5}] => (Allow) LPort=1900 FirewallRules: [{7A0D0B03-796D-4DC7-BD5C-CB266B9AC579}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{72EA8F5E-A93A-4465-878A-AC364C1794E0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{0E65082C-A64C-4B66-9257-689BF538B64A}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe FirewallRules: [{EFF791D3-8243-4912-8DD5-E4620AC6D597}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe FirewallRules: [{4C3E173A-40D1-404A-AB8B-6768F516F8E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{3F12571D-356E-4828-83B1-EE68B073E333}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{219DFB33-3C11-4097-A662-B2305ECE4386}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A9A6D887-7AA4-4FF0-A536-4DB083D72E54}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D9EB8607-5AC7-4A2B-A3C6-EFAA2EBD815A}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2345E9AC-0552-4E71-8217-05FCBB2B5AF2}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1B7FCBFC-64CF-4A22-BBFB-DDE0EEE6F402}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 30-07-2016 14:24:17 Installed Safari 30-07-2016 14:47:10 Avira System Speedup 2.5.5 30-07-2016 15:24:58 Device Driver Package Install: TAP-Windows Provider V9 Network adapters 30-07-2016 23:27:04 Installed BBC iPlayer Downloads ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2016 10:29:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2016 09:58:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2016 10:53:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2016 09:14:15 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (07/30/2016 09:11:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2016 08:38:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2016 06:01:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program HPSFMsgr.exe version 6.0.0.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d6c Start Time: 01d1ea7d95d74802 Termination Time: 83 Application Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Report Id: 20889eb1-5677-11e6-a3c9-ec9a7458f505 Error: (07/30/2016 04:04:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: uTorrent-3-4-6-build-42178.exe, version: 0.0.0.0, time stamp: 0x570431a2 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0003e991 Faulting process id: 0x1f04 Faulting application start time: 0xuTorrent-3-4-6-build-42178.exe0 Faulting application path: uTorrent-3-4-6-build-42178.exe1 Faulting module path: uTorrent-3-4-6-build-42178.exe2 Report Id: uTorrent-3-4-6-build-42178.exe3 Error: (07/30/2016 03:25:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Avira.SystemSpeedup.UI.Application.exe version 2.5.5.2425 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 14f0 Start Time: 01d1ea6c8c695047 Termination Time: 4236 Application Path: C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Application.exe Report Id: 585b9f13-5661-11e6-a3c9-ec9a7458f505 Error: (07/30/2016 03:10:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/01/2016 10:57:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error: (08/01/2016 10:18:27 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (08/01/2016 09:58:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error: (07/31/2016 10:53:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Phantom VPN service to connect. Error: (07/31/2016 10:52:26 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000019 (0x0000000000000020, 0xfffffa8006326170, 0xfffffa8006326190, 0x0000000004020003)C:\Windows\MEMORY.DMP073116-22120-01 Error: (07/31/2016 10:52:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 22:51:06 on ‎31/‎07/‎2016 was unexpected. Error: (07/31/2016 08:49:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hola_svc service. Error: (07/30/2016 11:23:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hola_svc service. Error: (07/30/2016 09:10:17 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000019 (0x0000000000000020, 0xfffffa8006e91290, 0xfffffa8006e912b0, 0x0000000004020008)C:\Windows\MEMORY.DMP073016-16894-01 Error: (07/30/2016 09:10:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 20:56:43 on ‎30/‎07/‎2016 was unexpected. ==================== Memory info =========================== Processor: AMD E2-3000M APU with Radeon(tm) HD Graphics Percentage of memory in use: 70% Total physical RAM: 3561.41 MB Available physical RAM: 1044.42 MB Total Virtual: 7121.01 MB Available Virtual: 2514.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.79 GB) (Free:389.33 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Recovery) (Fixed) (Total:19.81 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 ==================== MBR & Partition Table ================== Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016 Ran by emma davidson (administrator) on EMMADAVIDSON-HP (01-08-2016 11:05:05) Running from C:\Users\emma davidson\AppData\Local\Temp\qd2sb22f.tmp Loaded Profiles: emma davidson (Available Profiles: emma davidson) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 9 (Default browser: "C:\Program Files (x86)\Safari\Safari.exe" -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe (Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2160816 2016-07-20] (Hola Networks Ltd.) <===== ATTENTION HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831064 2016-07-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [17008 2016-07-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2023712 2016-07-27] (IObit) HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-15] (EasyBits Software Corp.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{4FEC5B48-9713-4AE2-8D5E-022965A998FE}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{C28C5DBE-2B8D-4CC7-B5B8-26ED8F9DFF4A}: [DhcpNameServer] 40.22.1.201 40.22.1.202 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/2 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/2 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/2 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/2 HKU\S-1-5-21-4073922747-2697754513-844342624-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/2 HKU\S-1-5-21-4073922747-2697754513-844342624-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/2 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit) BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL [2011-07-25] (Symantec Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.) Toolbar: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\emma davidson\AppData\Roaming\Mozilla\Firefox\Profiles\SlCRBLyi.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-30] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-30] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\emma davidson\AppData\Roaming\Mozilla\Firefox\Profiles\SlCRBLyi.default\Extensions\abs@avira.com [2016-07-30] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2016-07-30] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2016-08-01] [not signed] Chrome: ======= CHR Profile: C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-31] CHR Extension: (Google Drive) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-31] CHR Extension: (YouTube) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-31] CHR Extension: (Avira Browser Safety) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-31] CHR Extension: (Google Docs Offline) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-31] CHR Extension: (ModHeader) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-07-31] CHR Extension: (Norton Security Toolbar) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2016-07-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-31] CHR Extension: (Gmail) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-31] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-03-20] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [452384 2016-07-25] (IObit) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-07-18] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [472112 2016-07-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [472112 2016-07-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-07-18] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG) R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [231256 2016-07-13] (Avira Operations GmbH & Co. KG) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5615792 2016-07-20] (Hola Networks Ltd.) <==== ATTENTION R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5615792 2016-07-20] (Hola Networks Ltd.) <==== ATTENTION R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed] S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [27632 2016-07-14] (Avira Operations GmbH & Co. KG) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-07-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-07-18] (Avira Operations GmbH & Co. KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-01] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-10] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-10] (Symantec Corporation) S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-20] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation) R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation) ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys D5B031C308A409A0A576BFF4CF083D30 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4 C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atikmdag.sys 7979BF4A66EFDADF3D00A052409609B1 C:\Windows\System32\DRIVERS\atikmpag.sys 7D5CDB0161E91951D3DD99E55CEA4D01 C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\System32\DRIVERS\amd_sata.sys BB4FE7889DB9CBBE61A308E99697F53C C:\Windows\System32\DRIVERS\amd_xata.sys 5631CBA53F1CBEA3F9E88348E6723391 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\drivers\AtihdW76.sys CBD14F698DEF12EE3557604B726CB8EB C:\Windows\System32\DRIVERS\avgntflt.sys E0304A40460FFFB14F3B067660518B9E C:\Windows\System32\DRIVERS\avipbb.sys DBEFDCF8A5258A483B672EB9825E5F7F C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6 C:\Windows\System32\DRIVERS\avnetflt.sys 138A53D17B040F5A3A307D44A89D0905 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99 C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys 41DA5845E1F8AF445BD626CF085C4541 C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys A8AD33C9DD88C810CAC00ACC7F4329FB C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\clwvd.sys 50F92C943F18B070F166D019DFAB3D9A C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys A4F408AD1065C7AD2ED332C68025B435 C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\System32\Drivers\ElbyCDIO.sys BDD265EEB37DF5953A547FE412E2472F C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys 0B97F1A640AD3D159A7B5D2164C42E50 C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbam.sys 78BFF5425E044086E74E78650A359FBB C:\Windows\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B C:\Windows\system32\drivers\mwac.sys 452ACB7A9914398D9E18CCCFFCF92208 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS 2DBE90210DE76BE6E1653BB20EC70EC2 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS 346DA70E203B8E2C850277713DE8F71B C:\Windows\System32\drivers\ndis.sys C38B8AE57F78915905064A9A24DC1586 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvm62x64.sys A85B4F2EF3A7304A5399EF0526423040 C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RtsPStor.sys 1F5E7AF59B390261A85F5BEDB1BB88B3 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Rt64win7.sys EA5532868BA76923D75BCB2A1448D810 C:\Windows\System32\DRIVERS\rtl8192Ce.sys F33E70E48A54A7A1BFBEEB4F3B273E4A C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS 1321A6C3C92BBD3F3BBE1292CFF8E91A C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS BD129C22C3B8C2E584227269DFA77B09 C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8 C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04 C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\stwrt64.sys EBA98394A7D58F7552C52192BD8FA7E6 C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS 8B2430762099598DA40686F754632EFD C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS FE29B18BF86FFCD55D8733C9B01E5042 C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 36B77F5C9E21F88A8C8EC67AD5415819 C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS DD70DA422460FDED831D211DF151D560 C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS BCE4EB2EEF05E388959B46FD21388C2D C:\Windows\System32\DRIVERS\SynTP.sys C447977ED2A4AE9346FE3A0579A34D7C C:\Windows\System32\DRIVERS\tap0901.sys FEB710154EDF9B2A15E863E262B5BEE1 C:\Windows\System32\drivers\tcpip.sys F0E98C00A09FDF791525829A1D14240F C:\Windows\System32\DRIVERS\tcpip.sys F0E98C00A09FDF791525829A1D14240F C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B C:\Windows\System32\DRIVERS\usbfilter.sys B7037444DC5138FC7D3D3968B4DE5C4B C:\Windows\system32\drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24 C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31 C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\system32\drivers\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-01 11:04 - 2016-08-01 11:05 - 00000000 ____D C:\FRST 2016-07-31 22:52 - 2016-07-31 22:52 - 362451605 _____ C:\Windows\MEMORY.DMP 2016-07-31 22:52 - 2016-07-31 22:52 - 00274968 _____ C:\Windows\Minidump\073116-22120-01.dmp 2016-07-31 22:41 - 2016-07-31 22:41 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\WinRAR 2016-07-31 22:31 - 2016-07-31 22:31 - 01992496 _____ C:\Users\emma davidson\Downloads\winrar-x64-531 (1).exe 2016-07-31 22:31 - 2016-07-31 22:31 - 00000975 _____ C:\Users\Public\Desktop\WinRAR.lnk 2016-07-31 22:31 - 2016-07-31 22:31 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-07-31 22:31 - 2016-07-31 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-07-31 22:31 - 2016-07-31 22:31 - 00000000 ____D C:\Program Files\WinRAR 2016-07-31 22:30 - 2016-07-31 22:30 - 01992496 _____ C:\Users\emma davidson\Downloads\winrar-x64-531.exe 2016-07-31 22:29 - 2016-07-31 22:41 - 00000000 ____D C:\Users\emma davidson\Downloads\Melbourne.International.Comedy.Festival.2016.Gala.PDTV.x264-CBFM 2016-07-31 22:28 - 2016-07-31 22:28 - 00017404 _____ C:\Users\emma davidson\Downloads\Melbourne.International.Comedy.Festival.2016.Gala.PDTV.x264-CBFM.torrent 2016-07-31 22:25 - 2016-07-31 22:25 - 00034266 _____ C:\Users\emma davidson\Downloads\Channel.4s.Comedy.Gala.2016.XviD-AFG.torrent 2016-07-31 22:24 - 2016-07-31 22:24 - 00014960 _____ C:\Users\emma davidson\Downloads\Channel.4s.Comedy.Gala.2016.480p.x264-mSD (1).torrent 2016-07-31 22:19 - 2016-07-31 22:19 - 00014960 _____ C:\Users\emma davidson\Downloads\Channel.4s.Comedy.Gala.2016.480p.x264-mSD.torrent 2016-07-31 20:53 - 2016-07-31 20:53 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Avira_Operations_GmbH_&_C 2016-07-31 16:31 - 2016-07-31 16:31 - 00000606 _____ C:\Users\emma davidson\Desktop\KMPlayer.lnk 2016-07-31 16:31 - 2016-07-31 16:31 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer 2016-07-31 16:30 - 2016-07-31 22:41 - 00000000 ____D C:\KMPlayer 2016-07-31 16:18 - 2016-07-31 16:18 - 00000933 _____ C:\Users\emma davidson\Desktop\Downloads.lnk 2016-07-31 14:52 - 2016-07-31 14:53 - 00000000 ____D C:\Users\emma davidson\Downloads\True.Detective.S02.HDTV.XviD-AFG 2016-07-31 14:48 - 2016-07-31 14:50 - 00000000 ____D C:\Users\emma davidson\Downloads\Jeff.Ross.Presents.Roast.Battle.S01E01.720p.HEVC.x265-MeGusta 2016-07-31 14:48 - 2016-07-31 14:49 - 00000000 ____D C:\Users\emma davidson\Downloads\Jeff.Ross.Presents.Roast.Battle.S01E02.720p.HEVC.x265-MeGusta 2016-07-31 14:48 - 2016-07-31 14:48 - 00000000 ____D C:\Users\emma davidson\Downloads\Jeff.Ross.Presents.Roast.Battle.S01E03.XviD-AFG 2016-07-30 23:28 - 2016-07-30 23:28 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\BBCiPlayerDownloads 2016-07-30 23:27 - 2016-07-30 23:27 - 00001226 _____ C:\Users\emma davidson\Desktop\BBC iPlayer Downloads.lnk 2016-07-30 23:27 - 2016-07-30 23:27 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer 2016-07-30 23:27 - 2016-07-30 23:27 - 00000000 ____D C:\Users\emma davidson\AppData\Local\BBC 2016-07-30 20:37 - 2016-07-31 22:52 - 00000000 ____D C:\Windows\Minidump 2016-07-30 18:34 - 2016-07-30 18:49 - 00000000 ____D C:\Users\emma davidson\Downloads\Soaked.in.Bleach.2015.720p.BluRay.DD5.1.x264-playHD 2016-07-30 18:34 - 2016-07-30 18:34 - 00000000 ____D C:\Users\emma davidson\Downloads\The.Fundamentals.of.Caring.2016.HDRip.XviD.AC3-EVO 2016-07-30 16:20 - 2016-07-30 16:29 - 00002262 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk 2016-07-30 16:20 - 2016-07-30 16:23 - 00000000 ____D C:\Users\emma davidson\AppData\LocalLow\IObit 2016-07-30 16:20 - 2016-07-30 16:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\ProductData 2016-07-30 16:20 - 2016-07-30 16:20 - 00003210 _____ C:\Windows\System32\Tasks\ASC9_PerformanceMonitor 2016-07-30 16:20 - 2016-07-30 16:20 - 00002934 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_emma_davidson 2016-07-30 16:20 - 2016-07-30 16:20 - 00002898 _____ C:\Windows\System32\Tasks\ASC9_SkipUac_emma davidson 2016-07-30 16:20 - 2016-07-30 16:20 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk 2016-07-30 16:20 - 2016-07-30 16:20 - 00001354 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk 2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\ProductData 2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2016-07-30 16:19 - 2016-07-30 16:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\IObit 2016-07-30 16:19 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\IObit 2016-07-30 16:19 - 2016-07-30 16:20 - 00000000 ____D C:\Program Files (x86)\IObit 2016-07-30 16:19 - 2016-07-30 16:19 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-30 16:17 - 2016-07-31 16:20 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\vlc 2016-07-30 16:17 - 2016-07-30 16:17 - 00001011 _____ C:\Users\emma davidson\Desktop\Hola.lnk 2016-07-30 16:16 - 2016-07-30 16:16 - 00001250 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk 2016-07-30 16:16 - 2016-07-30 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2016-07-30 16:16 - 2016-07-30 16:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2016-07-30 16:15 - 2016-07-30 16:15 - 00001391 _____ C:\Users\emma davidson\Desktop\Spybot-S&D Start Center.lnk 2016-07-30 16:15 - 2016-07-30 16:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2016-07-30 16:15 - 2016-07-30 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-07-30 16:14 - 2016-07-30 16:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-07-30 16:14 - 2016-07-30 16:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-07-30 16:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2016-07-30 16:11 - 2016-07-30 16:11 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-07-30 16:11 - 2016-07-30 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-07-30 16:11 - 2016-07-30 16:11 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2016-07-30 16:09 - 2016-07-31 22:42 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\uTorrent 2016-07-30 16:09 - 2016-07-31 22:32 - 00000000 ___SD C:\Users\emma davidson\AppData\LocalLow\Temp 2016-07-30 16:09 - 2016-07-30 16:09 - 00002676 _____ C:\Users\emma davidson\Desktop\µTorrent.lnk 2016-07-30 16:08 - 2016-07-30 16:08 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Avira 2016-07-30 16:04 - 2016-07-31 16:33 - 00000000 ____D C:\Users\emma davidson\AppData\Local\CrashDumps 2016-07-30 15:44 - 2016-08-01 10:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-07-30 15:44 - 2016-07-30 15:44 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-30 15:44 - 2016-07-30 15:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-07-30 15:44 - 2016-07-30 15:44 - 00000000 ____D C:\Windows\system32\Macromed 2016-07-30 15:43 - 2016-07-30 15:45 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Adobe 2016-07-30 15:42 - 2016-07-30 15:42 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk 2016-07-30 15:42 - 2016-07-30 15:42 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Hola 2016-07-30 15:42 - 2016-07-30 15:42 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Chromium 2016-07-30 15:42 - 2016-07-30 15:42 - 00000000 ____D C:\Program Files\Hola 2016-07-30 15:13 - 2016-07-30 15:13 - 00000000 ____D C:\Users\emma davidson\AppData\Local\AviraSpeedup 2016-07-30 15:12 - 2016-07-30 20:37 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$.job 2016-07-30 15:12 - 2016-07-30 15:12 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$ 2016-07-30 15:12 - 2016-07-30 15:12 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk 2016-07-30 15:12 - 2016-07-30 15:12 - 00001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk 2016-07-30 15:12 - 2016-07-30 15:12 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Avira 2016-07-30 15:11 - 2016-07-30 15:17 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP 2016-07-30 14:50 - 2016-07-30 14:50 - 00001143 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk 2016-07-30 14:47 - 2016-07-30 14:49 - 00000000 ____D C:\de101f08bb075b00758dc32cd4d8f5 2016-07-30 14:46 - 2016-08-01 10:58 - 00000000 ____D C:\Users\Public\Speedup Sessions 2016-07-30 14:46 - 2016-07-30 14:46 - 00003364 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray 2016-07-30 14:46 - 2016-07-30 14:46 - 00002820 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2016-07-30 14:46 - 2016-07-30 14:46 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-07-30 14:46 - 2016-07-30 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-07-30 14:46 - 2016-07-30 14:46 - 00000000 ____D C:\Program Files\CCleaner 2016-07-30 14:45 - 2016-07-30 14:45 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-07-30 14:40 - 2016-08-01 10:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-30 14:40 - 2016-08-01 10:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-30 14:40 - 2016-07-30 14:50 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-30 14:40 - 2016-07-30 14:50 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-30 14:40 - 2016-07-30 14:47 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Google 2016-07-30 14:39 - 2016-07-30 14:46 - 00000000 ____D C:\Program Files (x86)\Google 2016-07-30 14:37 - 2016-08-01 10:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-30 14:37 - 2016-07-18 16:23 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-07-30 14:37 - 2016-07-18 16:23 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-07-30 14:37 - 2016-07-18 16:23 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2016-07-30 14:37 - 2016-07-18 16:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2016-07-30 14:36 - 2016-07-30 14:36 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-07-30 14:36 - 2016-07-30 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-07-30 14:36 - 2016-07-30 14:36 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-07-30 14:36 - 2016-07-30 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-07-30 14:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-07-30 14:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-07-30 14:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-07-30 14:31 - 2016-07-30 14:31 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Mozilla 2016-07-30 14:29 - 2016-07-30 15:13 - 00000000 ____D C:\ProgramData\Avira 2016-07-30 14:29 - 2016-07-30 15:12 - 00000000 ____D C:\Program Files (x86)\Avira 2016-07-30 14:29 - 2016-07-30 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-07-30 14:29 - 2016-07-30 14:29 - 00001206 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-07-30 14:28 - 2016-07-30 14:28 - 00000000 ____D C:\ProgramData\Package Cache 2016-07-30 14:26 - 2016-07-31 17:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Apple Computer 2016-07-30 14:26 - 2016-07-30 15:54 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Apple Computer 2016-07-30 14:26 - 2016-07-30 14:26 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2016-07-30 14:26 - 2016-07-30 14:26 - 00002491 _____ C:\Users\Public\Desktop\Safari.lnk 2016-07-30 14:26 - 2016-07-30 14:26 - 00000000 ____D C:\ProgramData\Apple Computer 2016-07-30 14:26 - 2016-07-30 14:26 - 00000000 ____D C:\Program Files (x86)\Safari 2016-07-30 14:24 - 2016-07-30 14:24 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Apple 2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\ProgramData\Apple 2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2016-07-30 14:22 - 2016-07-30 15:12 - 00057960 _____ C:\Users\emma davidson\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-30 14:22 - 2016-07-30 14:22 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Macromedia 2016-07-30 14:21 - 2016-07-30 14:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\ATI 2016-07-30 14:21 - 2016-07-30 14:21 - 00000000 ____D C:\Users\emma davidson\AppData\Local\ATI 2016-07-30 14:21 - 2016-07-30 14:21 - 00000000 ____D C:\Users\emma davidson\AppData\Local\AMD 2016-07-30 14:20 - 2016-07-30 23:28 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Adobe 2016-07-30 14:20 - 2016-07-30 14:20 - 00001409 _____ C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-07-30 14:20 - 2016-07-30 14:20 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Synaptics 2016-07-30 14:19 - 2016-08-01 09:56 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForemma davidson.job 2016-07-30 14:19 - 2016-07-31 22:56 - 00003234 _____ C:\Windows\System32\Tasks\HPCeeScheduleForemma davidson 2016-07-30 14:19 - 2016-07-31 20:51 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{743FE513-EEA1-4EE6-BADE-2F4B3A0850B6} 2016-07-30 14:19 - 2016-07-30 14:20 - 00001443 _____ C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-07-30 14:18 - 2016-07-31 22:28 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Hewlett-Packard 2016-07-30 14:17 - 2016-07-30 14:20 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\hpqlog 2016-07-30 14:17 - 2016-07-30 14:19 - 00003598 _____ C:\Windows\System32\Tasks\Registration 2016-07-30 14:17 - 2016-07-30 14:19 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Hewlett-Packard 2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services 2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos 2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ____D C:\Users\emma davidson\AppData\Local\RemEngine 2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Hewlett-Packard_Company 2016-07-30 14:16 - 2016-07-30 14:49 - 00000000 ____D C:\Users\emma davidson\AppData\Local\VirtualStore 2016-07-30 14:16 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-07-30 14:16 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-07-30 14:16 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-07-30 14:16 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-07-30 14:16 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-07-30 14:16 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-07-30 14:16 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-07-30 14:16 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-07-30 14:16 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-07-30 14:16 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-07-30 14:16 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-07-30 14:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-07-30 14:16 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-07-30 14:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-07-30 14:15 - 2016-07-31 22:56 - 00000000 ____D C:\Users\emma davidson 2016-07-30 14:15 - 2016-07-30 14:15 - 00000020 ___SH C:\Users\emma davidson\ntuser.ini 2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\My Documents 2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\Documents\My Videos 2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\Documents\My Pictures 2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\Documents\My Music 2016-07-30 14:15 - 2012-03-20 10:42 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Media Center Programs 2016-07-13 15:53 - 2016-07-13 15:53 - 00036872 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-01 10:36 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-01 10:36 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-01 10:34 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-01 10:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-08-01 10:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-01 10:22 - 2012-03-20 10:12 - 00000000 ____D C:\Windows\system32\Drivers\NISx64 2016-07-31 21:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2016-07-30 23:07 - 2009-07-14 06:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template 2016-07-30 22:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2016-07-30 16:29 - 2007-01-02 02:25 - 00000000 ____D C:\Windows\Panther 2016-07-30 15:44 - 2011-10-15 07:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-30 15:44 - 2011-10-15 07:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-30 15:09 - 2009-07-14 05:45 - 00275112 _____ C:\Windows\system32\FNTCACHE.DAT 2016-07-30 15:00 - 2012-03-20 09:59 - 00765700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-07-30 14:19 - 2011-02-10 20:23 - 00000000 ____D C:\SWSetup 2016-07-30 14:17 - 2011-10-15 07:27 - 00000000 ___RD C:\Program Files\Online Services 2016-07-30 14:17 - 2011-10-15 07:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat 2016-07-30 14:17 - 2011-10-15 07:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2016-07-30 14:17 - 2011-10-15 07:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2016-07-30 14:17 - 2011-10-15 07:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2016-07-30 14:17 - 2011-10-15 07:08 - 00000000 ___RD C:\Program Files (x86)\Online Services 2016-07-30 14:17 - 2011-10-15 07:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers 2016-07-30 14:17 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2016-07-30 14:17 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2016-07-30 14:16 - 2012-03-20 10:12 - 00000000 ____D C:\ProgramData\Norton 2016-07-30 14:16 - 2011-02-10 20:23 - 00000000 ___HD C:\SYSTEM.SAV 2016-07-30 14:15 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2016-07-30 14:14 - 2012-03-20 09:48 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat Files to move or delete: ==================== C:\Program Files\Hola\app\hola.exe Some files in TEMP: ==================== C:\Users\emma davidson\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale en-US inherit {globalsettings} extendedinput Yes default {current} resumeobject {0d56e759-56a2-11e6-aad2-e47ee23727ce} displayorder {current} toolsdisplayorder {memdiag} timeout 30 customactions 0x1000085000001 0x5400000f custom:5400000f {0d56e75d-56a2-11e6-aad2-e47ee23727ce} Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-US inherit {bootloadersettings} recoverysequence {0d56e75d-56a2-11e6-aad2-e47ee23727ce} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {0d56e759-56a2-11e6-aad2-e47ee23727ce} nx OptIn detecthal Yes Windows Boot Loader ------------------- identifier {0d56e75d-56a2-11e6-aad2-e47ee23727ce} device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{0d56e75e-56a2-11e6-aad2-e47ee23727ce} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{0d56e75e-56a2-11e6-aad2-e47ee23727ce} systemroot \windows nx OptIn winpe Yes Resume from Hibernate --------------------- identifier {0d56e759-56a2-11e6-aad2-e47ee23727ce} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {0d56e75e-56a2-11e6-aad2-e47ee23727ce} description Ramdisk Options ramdisksdidevice partition=D: ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2016-07-30 20:29 ==================== End of FRST.txt ==========

The sick laptop I have was Windows 7 before I upgraded I have the product key but no Windows 7 disc

The spare pc I have that was going to create repair disc from is running windows 7 not 10. My fault I dint cen think

Pc*

Bugger dint think spare cd has Windows 7 I'm really not having much luck here lol

Cool just backing up some files then going to give it a go. Thank you for your help I'll let you know how it went hopefully not really bad lol :-)

Can I use a blank cd that's not dvd but is 700mb

Do I do this on spare PC ? As I can't access anything on the sick one? Sorry if I'm being stupid

Thank you I shall give it ago in the morning and will let you know how I get on would I install that then follow you initial steps?

No Windows on disc or usb I got it as its free update. To be honest wish I never had as have had nothing but problems since I did update it. I have tried everything all normal routes I would use to access safe mode or options or command prompt but I can't even restart and shift from log in screen as something is stopping me getting the option only gives me "shutdown" option

Thank you for your advice but this is the problem I am having I am normally pretty good with a computer but this has stumped me as when I boot and hold the shift key all that comes up is "do you want to turn on filter keys" I do have a spare laptop so am able to download software but I have no way at the moment to be able to get to it on the sick PC!!, really annoying. Thank you again for taking the time to reply.

Sorry and thank you

Hi there, im running Windows 10 ( first mistake!!) I got an error pop up saying " Windows will restart in one minute Windows has encountered a problem please save your work" after this Windows did restart but when it did it gets to the log in screen and allows me to enter my password but when I do the curser jumps back to the start of the text and is unresponsive. I have no way of getting to safe mode as when I go to the restart (power) icon on the right of the screen it only gives me the option to shut down. Also unfortunately there are no restore points set up. I run malwarebytes, avira spy bot ccleaner, advance Windows care so thought I was pretty safe. any advice no assistance would be very appreciated for this mess I have found myself in. many thanks in advance.