[SOLVED] Windows 10 detecting available updates, but failing to download them

PhilS32767 (Member; joined Jun 10, 2015; 21 posts)
This is a Windows 7 machine that several months ago had some malware removed.
I was seeing periodic Windows Updates succeeding, in Windows Update history.
When I went to upgrade the machine to Win10, I ran into problems though.
The updates kicked off by starting the upgrade process in the GWX app failed with 80072efd errors.
The standalone Windows 10 Upgrade Assistant tool also failed with 80072efd, as did the Windows 10 media download tool.
I ran the media download tool on another machine that had successfully upgraded to Windows 10, made 1 USB installation medium and 2 DVD media, for safekeeping and emergency use (for example, if one of our machines has a hard disk crash).
I used the USB medium to run the Windows 10 upgrade, which succeeded.
Windows 10 is now able to detect available updates, but is not able to download them.
The windowsupdate.log that I can get via PowerShell Get-WindowsUpdateLog shows 80072efd errors on attempts by BITS to perform the downloads.

Here's the SFCFix.log:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-07-24 21:25:53.800
Microsoft Windows 10 Build 10586 - amd64
Not using a script file.








AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.








Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2016-07-24 21:51:30.442
----------------------EOF-----------------------

CBS.zip is attached.
 


Let's take a look. Please do the following.

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press the Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.
 
Thanks for responding!
I didn't get an email notification of your response though (and that's why my response is delayed).
What do I need to do to get email notification of posts to this thread?

Here is frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Jeremy (administrator) on SAMWISE (28-07-2016 15:23:56)
Running from C:\Users\Jeremy\Desktop
Loaded Profiles: Jeremy & DefaultAppPool (Available Profiles: Jeremy & Phil & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\Sysinternals\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jeremy\AppData\Local\Temp\procexp64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-10-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [551488 2014-09-23] ()
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKU\S-1-5-21-3805180030-359751056-14507808-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-3805180030-359751056-14507808-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-09-09]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-09-09]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk [2015-09-09]
ShortcutTarget: Symantec Fax Starter Edition Port.lnk -> C:\Program Files (x86)\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{ff8f0333-8e63-45c1-9cf8-ab1a67ef8058}: [DhcpNameServer] 208.59.247.45 208.59.247.46


Internet Explorer:
==================
HKU\S-1-5-21-3805180030-359751056-14507808-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3805180030-359751056-14507808-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MSE_WCP
SearchScopes: HKU\S-1-5-21-3805180030-359751056-14507808-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3805180030-359751056-14507808-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2000-11-21] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\5fs2p5jk.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-23] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-10-20] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.14 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-09-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-10-20] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4642CD99-8FDF-4550-94E1-63360972C326}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext


Chrome:
=======
CHR Profile: C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Dealz) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\manaobgbdfpjjjnheogfghmjbikhjnlf [2016-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jeremy\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-05-14]
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [manaobgbdfpjjjnheogfghmjbikhjnlf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [manaobgbdfpjjjnheogfghmjbikhjnlf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 dkab_device; C:\Windows\system32\DKabcoms.exe [476568 2006-10-21] ( )
S3 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [508824 2006-10-21] ( )
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-20] (SurfRight B.V.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-24] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-09-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31344 2014-09-26] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2016-05-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-07-28 15:21 - 2016-07-28 15:23 - 02394112 _____ (Farbar) C:\Users\Jeremy\Desktop\FRST64.exe
2016-07-28 15:21 - 2016-07-28 15:21 - 02394112 _____ (Farbar) C:\Users\Jeremy\Downloads\FRST64 (3).exe
2016-07-24 21:54 - 2016-07-24 21:54 - 00233691 _____ C:\Users\Jeremy\Desktop\CBS.zip
2016-07-24 21:53 - 2016-07-24 21:53 - 00000000 ____D C:\Users\Jeremy\Desktop\CBS
2016-07-24 21:51 - 2016-07-24 21:51 - 00000946 _____ C:\Users\Jeremy\Desktop\SFCFix.txt
2016-07-24 21:51 - 2016-07-24 21:51 - 00000000 ____D C:\SFCFix
2016-07-24 21:44 - 2016-07-24 21:44 - 00036344 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-07-24 21:36 - 2016-07-24 21:36 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Games
2016-07-24 21:25 - 2016-07-24 21:51 - 00000000 ____D C:\Users\Jeremy\AppData\Local\niemiro
2016-07-24 21:25 - 2016-07-24 21:25 - 02884096 _____ (niemiro) C:\Users\Jeremy\Downloads\SFCFix.exe
2016-07-23 16:15 - 2016-07-23 16:15 - 376550314 _____ C:\Users\Jeremy\Desktop\BackupSat072320161615.reg
2016-07-23 15:59 - 2016-07-23 15:59 - 00000000 ____D C:\Users\Jeremy\Desktop\ResetWUEng
2016-07-23 15:32 - 2016-07-23 15:32 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-07-23 15:32 - 2016-07-23 15:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-07-23 15:32 - 2016-07-23 15:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-07-23 15:32 - 2016-07-23 15:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-07-23 15:32 - 2016-07-23 15:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-07-23 15:32 - 2016-07-23 15:32 - 00000000 ____D C:\Users\DefaultAppPool
2016-07-23 15:32 - 2016-07-23 06:46 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-07-23 15:32 - 2016-07-23 06:46 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
2016-07-23 14:36 - 2016-07-23 14:36 - 00692665 _____ C:\Users\Jeremy\Downloads\ResetWUEng.zip
2016-07-23 14:19 - 2016-07-23 16:05 - 00000000 ____D C:\WINDOWS\system32\Catroot2.bak
2016-07-23 14:06 - 2016-07-23 16:02 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log.bak
2016-07-23 14:06 - 2016-07-23 14:09 - 00000000 ____D C:\WINDOWS\SoftwareDistribution.bak
2016-07-23 14:05 - 2016-07-23 14:05 - 00000432 _____ C:\Users\Jeremy\Desktop\reg-failed-dlls.txt
2016-07-23 13:49 - 2016-07-23 16:05 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-07-23 12:57 - 2016-07-23 12:57 - 00000639 _____ C:\Users\Jeremy\Downloads\WindowsUpdateDiagnostic (4).diagcab
2016-07-23 12:22 - 2016-07-23 12:22 - 00000000 ____D C:\Users\Jeremy\AppData\Local\PeerDistRepub
2016-07-23 12:21 - 2016-07-23 12:21 - 00000639 _____ C:\Users\Jeremy\Downloads\WindowsUpdateDiagnostic (3).diagcab
2016-07-23 12:09 - 2016-07-23 12:34 - 00004571 _____ C:\Users\Jeremy\Downloads\Reset_Reregister_Windows_Update_Components.bat
2016-07-23 11:55 - 2016-07-23 11:55 - 00000000 ____D C:\Users\Jeremy\AppData\Local\MicrosoftEdge
2016-07-23 10:38 - 2016-07-23 06:55 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-23 10:35 - 2016-07-23 10:35 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-07-23 10:35 - 2016-07-23 10:35 - 00000000 ____D C:\Windows.old
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\Program Files\MSBuild
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-07-23 10:33 - 2016-07-23 10:33 - 00000000 ____D C:\inetpub
2016-07-23 10:32 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-07-23 10:32 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-23 10:32 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-07-23 10:32 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-07-23 10:32 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-07-23 10:32 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-23 08:13 - 2016-07-23 08:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-07-23 07:31 - 2016-07-23 07:31 - 06079168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-07-23 07:26 - 2016-07-23 07:26 - 00000000 ____D C:\Users\Phil\AppData\Local\Comms
2016-07-23 07:24 - 2016-07-23 07:24 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Comms
2016-07-23 07:15 - 2016-07-23 07:15 - 00000000 ____D C:\Users\Phil\AppData\Local\PeerDistRepub
2016-07-23 07:05 - 2016-07-23 07:05 - 00002372 _____ C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-23 07:05 - 2016-07-23 07:05 - 00000000 ___RD C:\Users\Phil\OneDrive
2016-07-23 07:05 - 2016-07-23 07:05 - 00000000 ____D C:\Users\Phil\AppData\Local\ActiveSync
2016-07-23 07:04 - 2016-07-23 07:04 - 00000000 ____D C:\Users\Phil\AppData\Local\Publishers
2016-07-23 07:03 - 2016-07-23 07:27 - 00000000 ____D C:\Users\Phil\AppData\Local\Packages
2016-07-23 07:03 - 2016-07-23 07:05 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Real
2016-07-23 07:03 - 2016-07-23 07:05 - 00000000 ____D C:\Users\Phil
2016-07-23 07:03 - 2016-07-23 07:03 - 00000020 ___SH C:\Users\Phil\ntuser.ini
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 _SHDL C:\Users\Phil\My Documents
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 _SHDL C:\Users\Phil\Documents\My Videos
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 _SHDL C:\Users\Phil\Documents\My Pictures
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 _SHDL C:\Users\Phil\Documents\My Music
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Adobe
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 ____D C:\Users\Phil\AppData\Local\VirtualStore
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 ____D C:\Users\Phil\AppData\Local\TileDataLayer
2016-07-23 07:03 - 2016-07-23 07:03 - 00000000 ____D C:\Users\Phil\AppData\Local\Google
2016-07-23 07:03 - 2016-07-23 06:46 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Media Center Programs
2016-07-23 07:00 - 2016-07-23 07:00 - 00002407 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-23 07:00 - 2016-07-23 07:00 - 00000000 ___RD C:\Users\Jeremy\OneDrive
2016-07-23 06:58 - 2016-07-23 06:58 - 00000000 ____D C:\Users\Jeremy\AppData\Local\ActiveSync
2016-07-23 06:57 - 2016-07-23 06:57 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Publishers
2016-07-23 06:55 - 2016-07-23 06:55 - 00000020 ___SH C:\Users\Jeremy\ntuser.ini
2016-07-23 06:55 - 2016-07-23 06:55 - 00000000 ____D C:\Users\Jeremy\AppData\Local\TileDataLayer
2016-07-23 06:54 - 2016-07-23 06:54 - 00000000 _SHDL C:\Users\Default\My Documents
2016-07-23 06:54 - 2016-07-23 06:54 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-07-23 06:54 - 2016-07-23 06:54 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-07-23 06:54 - 2016-07-23 06:54 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-07-23 06:54 - 2016-07-23 06:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-07-23 06:54 - 2016-07-23 06:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-07-23 06:54 - 2016-07-23 06:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-07-23 06:53 - 2016-07-23 06:53 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-07-23 06:46 - 2016-07-23 06:46 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-23 06:46 - 2016-07-23 06:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-07-23 06:46 - 2016-07-23 06:46 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-07-23 06:46 - 2016-07-23 06:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-07-23 06:46 - 2016-07-23 06:46 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-07-23 06:43 - 2016-07-23 06:43 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-07-23 06:42 - 2016-07-23 19:54 - 00000000 ____D C:\Users\Jeremy
2016-07-23 06:42 - 2016-07-23 06:42 - 00000000 _SHDL C:\Users\Jeremy\My Documents
2016-07-23 06:42 - 2016-07-23 06:42 - 00000000 _SHDL C:\Users\Jeremy\Documents\My Videos
2016-07-23 06:42 - 2016-07-23 06:42 - 00000000 _SHDL C:\Users\Jeremy\Documents\My Pictures
2016-07-23 06:42 - 2016-07-23 06:42 - 00000000 _SHDL C:\Users\Jeremy\Documents\My Music
2016-07-23 06:41 - 2016-07-23 16:28 - 01009628 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-23 06:41 - 2016-07-23 06:41 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-07-23 06:39 - 2016-07-23 06:43 - 00000000 ____D C:\Program Files\Canon
2016-07-23 06:11 - 2016-07-23 06:54 - 00010449 _____ C:\WINDOWS\diagerr.xml
2016-07-23 06:11 - 2016-07-23 06:54 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-07-23 06:11 - 2016-07-23 06:18 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-23 04:41 - 2016-07-23 04:59 - 00000000 ____D C:\WINDOWS\xSoftwareDistribution
2016-07-23 04:13 - 2016-07-23 04:13 - 00000000 ___HD C:\$Windows.~WS
2016-07-23 04:08 - 2016-07-23 04:08 - 00000639 _____ C:\Users\Jeremy\Downloads\WindowsUpdateDiagnostic (2).diagcab
2016-07-22 22:01 - 2016-07-23 04:59 - 00000000 ____D C:\$GetCurrent
2016-07-22 21:56 - 2016-07-23 04:59 - 00000000 ____D C:\Windows10Upgrade
2016-07-18 14:03 - 2016-07-23 05:29 - 00000000 ____D C:\Users\Jeremy\Documents\The Battle for Middle-Earth I & II & Rotwk Online Players BFME 1 Auto Defeat Fixer, Amazing job by THOR!_files
2016-07-18 14:03 - 2016-07-18 14:00 - 00080080 _____ C:\Users\Jeremy\Documents\The Battle for Middle-Earth I & II & Rotwk Online Players BFME 1 Auto Defeat Fixer, Amazing job by THOR!.htm


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-07-28 15:24 - 2016-05-02 22:07 - 00029521 _____ C:\Users\Jeremy\Desktop\FRST.txt
2016-07-28 15:23 - 2015-08-05 22:32 - 00000000 ____D C:\FRST
2016-07-28 14:51 - 2015-09-11 22:54 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-28 14:31 - 2015-07-13 23:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-27 21:00 - 2014-07-22 00:26 - 00000000 ____D C:\WINDOWS\CryptoGuard
2016-07-27 17:51 - 2015-09-11 22:54 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-27 16:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-24 21:39 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-24 21:36 - 2014-07-06 21:15 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-24 21:35 - 2014-07-04 15:14 - 00000000 ____D C:\Zip
2016-07-24 17:35 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-24 03:27 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-07-23 16:24 - 2016-06-09 03:41 - 00003602 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3805180030-359751056-14507808-1000
2016-07-23 16:24 - 2016-06-09 03:41 - 00003536 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3805180030-359751056-14507808-1000
2016-07-23 16:24 - 2014-10-28 17:07 - 00000000 ___RD C:\Users\Jeremy\Google Drive
2016-07-23 16:22 - 2016-04-27 02:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-23 16:13 - 2015-01-19 13:06 - 00921222 _____ C:\WINDOWS\ntbtlog.txt
2016-07-23 16:04 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-23 12:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-07-23 12:22 - 2014-07-04 18:25 - 00000000 ____D C:\Users\Jeremy\AppData\Local\ElevatedDiagnostics
2016-07-23 10:37 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-07-23 10:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-07-23 10:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-07-23 10:33 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-07-23 10:33 - 2015-10-30 03:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-07-23 10:33 - 2015-10-30 03:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-07-23 10:33 - 2015-10-30 03:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-07-23 10:33 - 2015-10-30 03:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-07-23 10:33 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-07-23 10:33 - 2015-10-30 03:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-07-23 10:33 - 2015-10-30 03:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-07-23 10:33 - 2015-10-30 03:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-07-23 10:33 - 2015-10-30 03:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-07-23 10:33 - 2015-10-30 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-07-23 10:33 - 2015-10-30 03:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-07-23 10:33 - 2015-10-30 03:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-07-23 10:33 - 2015-10-30 03:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-07-23 10:33 - 2015-10-30 03:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-07-23 10:33 - 2015-10-30 03:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-07-23 10:33 - 2015-10-30 03:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-07-23 07:31 - 2015-07-13 23:20 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-23 07:26 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-23 07:25 - 2014-07-18 15:45 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Packages
2016-07-23 07:03 - 2016-04-27 02:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-23 06:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-07-23 06:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-07-23 06:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-07-23 06:54 - 2015-09-11 22:54 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-23 06:54 - 2014-10-19 22:13 - 00003576 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
2016-07-23 06:53 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-07-23 06:53 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-23 06:53 - 2015-09-11 22:55 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-23 06:53 - 2015-09-11 22:54 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-23 06:53 - 2015-07-15 03:35 - 00004586 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-23 06:53 - 2014-10-19 22:14 - 00003534 _____ C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3805180030-359751056-14507808-1000
2016-07-23 06:48 - 2016-04-27 02:29 - 00237304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-23 06:47 - 2016-05-02 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2016-07-23 06:47 - 2016-02-15 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elvenstar Mod
2016-07-23 06:47 - 2016-02-05 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DS Compatible Action Replay Firmware Update
2016-07-23 06:47 - 2016-02-05 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
2016-07-23 06:47 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-23 06:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-23 06:47 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-23 06:47 - 2015-10-13 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Fellowship of the Ring
2016-07-23 06:47 - 2015-09-14 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-07-23 06:47 - 2015-08-25 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay DSi Code Manager
2016-07-23 06:47 - 2015-08-04 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-23 06:47 - 2015-08-02 19:11 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.6
2016-07-23 06:47 - 2015-07-23 20:36 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\SkipSoft Android Toolkit
2016-07-23 06:47 - 2015-05-29 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic DVD Copier
2016-07-23 06:47 - 2015-02-19 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic DVD Ripper
2016-07-23 06:47 - 2014-12-10 19:56 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2016-07-23 06:47 - 2014-12-10 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-07-23 06:47 - 2014-12-09 16:40 - 00000000 ____D C:\WINDOWS\SysWOW64\repositorystartMonitor
2016-07-23 06:47 - 2014-10-28 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-07-23 06:47 - 2014-10-19 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-07-23 06:47 - 2014-09-05 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay Firmware Update
2016-07-23 06:47 - 2014-08-28 17:17 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-23 06:47 - 2014-08-18 17:37 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameFly
2016-07-23 06:47 - 2014-08-02 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-23 06:47 - 2014-07-04 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-23 06:47 - 2014-07-04 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2016-07-23 06:47 - 2014-07-04 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MF4700 Series
2016-07-23 06:47 - 2014-07-04 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 7.15
2016-07-23 06:47 - 2014-07-04 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
2016-07-23 06:47 - 2014-07-04 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-23 06:47 - 2013-10-03 20:58 - 00000000 ____D C:\WINDOWS\system32\RecoveryTools
2016-07-23 06:47 - 2013-10-03 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Management and Security
2016-07-23 06:47 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-23 06:47 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\SysWOW64\catroot2.bak
2016-07-23 06:46 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2016-07-23 06:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-07-23 06:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-23 06:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-07-23 06:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-23 06:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-23 06:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-07-23 06:45 - 2014-07-04 16:22 - 00000000 ____D C:\WINDOWS\SysWOW64\Viewers
2016-07-23 06:45 - 2014-07-04 16:22 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2016-07-23 06:45 - 2014-07-04 16:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Color
2016-07-23 06:45 - 2013-10-03 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\x64
2016-07-23 06:45 - 2013-10-03 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\Lang
2016-07-23 06:44 - 2016-04-27 02:21 - 00000000 ____D C:\WINDOWS\ShellNew
2016-07-23 06:44 - 2015-12-24 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2016-07-23 06:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\schemas
2016-07-23 06:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-07-23 06:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Help
2016-07-23 06:44 - 2014-12-10 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
2016-07-23 06:44 - 2014-12-10 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-07-23 06:44 - 2014-07-15 17:49 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-07-23 06:44 - 2014-07-06 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-07-23 06:44 - 2014-07-04 16:03 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
2016-07-23 06:44 - 2013-10-03 20:54 - 00000000 ____D C:\ProgramData\SonicFocus
2016-07-23 06:44 - 2011-04-12 04:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-23 06:43 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-07-23 06:43 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-07-23 06:43 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-23 06:43 - 2014-12-16 18:12 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-07-23 06:43 - 2014-12-10 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2016-07-23 06:43 - 2014-10-23 16:34 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-07-23 06:43 - 2014-10-16 20:59 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2016-07-23 06:43 - 2014-08-02 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-07-23 06:43 - 2014-07-04 16:48 - 00000000 ____D C:\Program Files\Microsoft Games
2016-07-23 06:43 - 2014-07-04 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-07-23 06:43 - 2013-10-03 20:54 - 00000000 ____D C:\Program Files (x86)\Analog Devices
2016-07-23 06:43 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-07-23 06:43 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-07-23 06:41 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-07-23 06:39 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\catroot2.bak2
2016-07-23 06:38 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\tracing
2016-07-23 06:22 - 2009-07-14 00:45 - 00031904 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-23 06:22 - 2009-07-14 00:45 - 00031904 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-23 05:29 - 2014-10-19 22:05 - 00000000 ____D C:\ProgramData\Real
2016-07-23 05:29 - 2014-07-09 16:25 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\My Battle for Middle-earth Files
2016-07-23 05:29 - 2014-07-04 17:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-23 05:29 - 2014-07-04 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-05 20:56 - 2015-02-01 17:09 - 00000000 ____D C:\Users\Jeremy\AppData\Local\CrashDumps
2016-07-01 03:11 - 2014-07-04 17:38 - 00000000 ____D C:\WINDOWS\system32\MRT


==================== Files in the root of some directories =======


1998-12-08 22:53 - 1998-12-08 22:53 - 0099840 _____ (Symantec Corp.) C:\Program Files (x86)\Common Files\IRAABOUT.DLL
1998-12-08 22:53 - 1998-12-08 22:53 - 0048640 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRALPTTR.DLL
1998-12-08 22:53 - 1998-12-08 22:53 - 0070144 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRAMDMTR.DLL
1998-12-08 22:53 - 1998-12-08 22:53 - 0186368 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRAREG.DLL
1998-12-08 22:53 - 1998-12-08 22:53 - 0017920 _____ (Symantec Corp.) C:\Program Files (x86)\Common Files\IRASRIAL.DLL
1998-12-08 22:53 - 1998-12-08 22:53 - 0031744 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files (x86)\Common Files\IRAWEBTR.DLL
2014-07-20 18:06 - 2014-07-20 18:06 - 0000000 _____ () C:\Users\Jeremy\AppData\Roaming\bitlord_log.txt
2014-07-20 18:16 - 2014-07-20 18:16 - 0000218 _____ () C:\Users\Jeremy\AppData\Local\recently-used.xbel
2015-08-11 13:04 - 2015-08-11 13:05 - 0001743 _____ () C:\ProgramData\tempimage.bmp


Files to move or delete:
====================
C:\Users\Jeremy\7z935.exe
C:\Users\Jeremy\DivXInstaller.exe
C:\Users\Jeremy\googleupdatesetup.exe
C:\Users\Jeremy\RealPlayerCloud.exe




Some files in TEMP:
====================
C:\Users\Jeremy\AppData\Local\Temp\procexp64.exe




==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-07-23 06:38


==================== End of FRST.txt ============================

Here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Jeremy (2016-07-28 15:24:45)
Running from C:\Users\Jeremy\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-23 10:55:32)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-3805180030-359751056-14507808-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3805180030-359751056-14507808-503 - Limited - Disabled)
Guest (S-1-5-21-3805180030-359751056-14507808-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3805180030-359751056-14507808-1004 - Limited - Enabled)
Jeremy (S-1-5-21-3805180030-359751056-14507808-1000 - Administrator - Enabled) => C:\Users\Jeremy
Phil (S-1-5-21-3805180030-359751056-14507808-1005 - Administrator - Enabled) => C:\Users\Phil


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


3DS Compatible Action Replay Firmware Update version 1.1 (HKLM\...\3DS Compatible Action Replay Firmware Update_is1) (Version: 1.1 - )
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Action Replay DSi Code Manager (HKLM-x32\...\Action Replay DSi Code Manager_is1) (Version: - )
Action Replay PowerSaves 3DS version 1.42 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.42 - Datel Design & Development)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Dell Software Uninstall (HKLM\...\Dell_HostCD) (Version: - Dell, Inc.)
DSi Compatible Action Replay Firmware Update version 1.0 (HKLM\...\DSi Compatible Action Replay Firmware Update_is1) (Version: 1.0 - )
Elvenstar Mod EN (HKLM-x32\...\{6A38FB30-0DE0-4478-86BA-886461DAA6AE}_is1) (Version: 5.5 EN - Elvenstar Mod Team)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GameFly Download Manager (HKU\S-1-5-21-3805180030-359751056-14507808-1000\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)
GameRanger (HKU\S-1-5-21-3805180030-359751056-14507808-1000\...\GameRanger) (Version: - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto - Vice City (HKLM-x32\...\Grand Theft Auto - Vice City) (Version: 1.00 - Rockstar Games)
Grand Theft Auto III (HKLM-x32\...\Grand Theft Auto III) (Version: 1.1 - Rockstar Games)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Softpaq SP45813 (HKLM-x32\...\SP45813) (Version: - )
HP Softpaq SP45814 (HKLM-x32\...\SP45814) (Version: - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Lord of the Rings: The Fellowship of the Ring (HKLM-x32\...\InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60}) (Version: 1.00.0000 - Universal Interactive)
Lord of the Rings: The Fellowship of the Ring (x32 Version: 1.00.0000 - Universal Interactive) Hidden
LOTR The Return of the King tm (HKLM-x32\...\{6E298B0A-558C-4138-0096-740677B382CD}) (Version: - )
Magic DVD Copier V9.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.)
Magic DVD Ripper V9.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Games for Windows 8 x64 (HKLM\...\{B6047A78-062F-4C6F-A82D-B94DAF72FB73}) (Version: 1.2 - Microsoft)
Microsoft Halo (HKLM-x32\...\Halo) (Version: - Microsoft)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version: - )
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
Python 2.6 (HKLM-x32\...\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}) (Version: 2.6.150 - Python Software Foundation)
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
RealDownloader (x32 Version: 17.0.14.26 - RealNetworks) Hidden
RealDownloader (x32 Version: 17.0.14.8 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.14 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
T3A Patch for BFME 1 version 1.06 (HKLM-x32\...\T3APATCH106_is1) (Version: 1.06 - )
The Battle for Middle-earth (tm) (HKLM-x32\...\{962E05CF-3394-496D-0091-850CF1762F6B}) (Version: - )
The Hobbit(TM) (HKLM-x32\...\InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}) (Version: 1.00.000 - Sierra)
The Hobbit(TM) (x32 Version: 1.00.000 - Sierra) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices (04/21/2009 2.40.0.0) (HKLM\...\30853F7174C6EB267FDAABE50A369169D18DA611) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices (05/21/2012 2.40.0.0) (HKLM\...\7BD98A593B77F7A2CC2A9538524495FE39D5962E) (Version: 05/21/2012 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0) (HKLM\...\8555DF8099612EF2F8333DC0EC454113D4537E7B) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development USBIOControlledDevices (05/21/2012 2.40.0.0) (HKLM\...\66D0EA0FEC96AC8BA6F5D30012E2C0BE83D4A67B) (Version: 05/21/2012 2.40.0.0 - Datel Design & Development)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xfire (HKLM-x32\...\Xfire) (Version: - )


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-3805180030-359751056-14507808-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {000F9FA4-4938-4636-84BF-627378ADD7DD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {0210421D-D5CB-4374-B49C-E2A4CD295D4A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {02AA8C4B-6E1D-49FD-B1A1-20CD81ADF36F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {0F590822-42F9-42E4-AB3B-015D95FE6F86} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {169D6CD5-01E5-43B5-A917-B5AD9AC30635} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {2DD8B90D-2589-447F-815A-C66B0A759A6E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {33DBA7C7-3260-47AE-A8A0-86960F2B6B53} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {38ED2659-EFEB-4EFB-A5B3-CD7EA326A7BC} - \CIMT_S-1-5-21-3805180030-359751056-14507808-1000 -> No File <==== ATTENTION
Task: {396F2D78-499F-4F49-AEB1-74669080AABE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {415F6A8C-4F8E-4AEB-890F-9B93DE7E5392} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3805180030-359751056-14507808-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-09-26] (RealNetworks, Inc.)
Task: {469DADE9-F6BF-44AD-884C-721649DE206A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {46C16EA2-162F-4327-BCF6-4DD815AF664E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {47708D29-843C-4A47-AA6A-056BE6FE7C2E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {49235513-BF11-4C26-ABE3-497C283E718F} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {5A83C793-9031-4BE4-A1E5-99207DF6F60F} - \Inst_Rep -> No File <==== ATTENTION
Task: {5AF90A46-6061-42A7-B254-86CB122BF076} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5F7B4071-1C59-47E4-960A-98AF1FCF9E70} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {625C34CB-6239-40A1-88A1-64BA0137CBD3} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6653C791-FC8F-431A-8BDE-73FA481C3E57} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6AFB74E6-167C-4BEE-9864-35CC0766DA4C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3805180030-359751056-14507808-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-09-26] (RealNetworks, Inc.)
Task: {6C9183A7-9455-4F39-941A-E7244AD8A500} - \YTDownloader -> No File <==== ATTENTION
Task: {6EBE6656-342D-41E5-A6D5-1A597B9C5306} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {70518FB3-EE4A-4AAB-8F08-8BDBCEE49383} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {78F8F9A1-83C0-4704-8113-9FD2B8212B5F} - \{90279BC4-395E-4E5A-A4A8-AD8EB29C870A} -> No File <==== ATTENTION
Task: {7977107B-8C9B-494A-9CBA-FEBF91D2A49D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {7A468AF5-3C4C-42CC-BBEE-9A7D40B9C71B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7C3B2A57-7FEF-4E68-9736-13E5EFED1379} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7EA512DA-8CAB-4CA4-8DAC-723D57C7B37F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {82E8CA62-1EA3-4818-975B-F5A7A85CFB11} - \IBUpd -> No File <==== ATTENTION
Task: {860D2386-E0AE-494C-A1F5-C16E99B1CE07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {87AB9F89-E1AA-436E-A23B-B5D5E786A7DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {87DB9771-8AE8-41BF-B54D-8FE23CB2D672} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {8998A528-4EF5-4C66-8948-99C1A1906F4B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {8F274B20-9973-44CC-80CA-F1F2F01AA54F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {97B0B8C4-9463-47BA-AC92-1BE830A01023} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {97E852C8-B92D-4165-AAD3-BCEA8DFBE29A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {9B4B78E2-0241-47DE-82CE-4786981A5CF9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A2217187-F5D7-43BD-A8D1-84C2BFADC609} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A4322ED5-F25D-49C3-9110-0196F93C645D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AFCCA4F6-B8CB-43F3-B1BA-27B07058CCC8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BBCF06DB-A9EF-444C-B723-BDEE3FA80BF4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {BE0FB19A-D933-426B-9362-C1AEDB645FF0} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {C1ACE320-0859-4EB4-A7ED-A58AF8A225CF} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {C1D32E73-A2B0-4874-B2EB-AC900C816B9C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CA3BA574-3AB2-4AF4-8318-3E956C4AD006} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {CC99F6E1-0075-407B-9336-D39434F9EB6F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-09-23] ()
Task: {D0DDAE97-74E8-4612-AF97-0260B5E0224C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D18C79C0-F3D3-43DB-B9E2-5B830579F8C7} - \CIMT_daily_S-1-5-21-3805180030-359751056-14507808-1000 -> No File <==== ATTENTION
Task: {D2BEE5CA-1279-4C30-93C8-5FEA1C89C850} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D498569F-F2FB-40E8-B75A-70D753A16AFC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E059014F-8F94-47DD-83AE-1DB764EA1012} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E3C23610-BCB5-4749-8901-3408011175A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {E545568B-098F-4306-BB52-05C709069995} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3805180030-359751056-14507808-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-09-26] (RealNetworks, Inc.)
Task: {E61479D7-38F2-4FDA-9CD2-CC7C0BC6D8B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EA1C8A6F-F17F-4762-A68B-7FAA2987C21F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EB5D7B6D-5448-4408-95EB-24183B096E60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-23] (Adobe Systems Incorporated)
Task: {FB7B4F99-52B4-49DD-85F3-7032EBAD69A6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Jeremy\Desktop\Elvenstar Mod 5.5.lnk -> C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth (tm)\ElvModEN.bat ()
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{D8572B51-EFEB-4860-8149-21EE0CF1B434}\SupportTasks\1\Support.lnk -> hxxp://techsupport.ea.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{D8572B51-EFEB-4860-8149-21EE0CF1B434}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.lordoftherings.ea.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{D1A826C3-1120-4775-96A8-D925986EC338}\SupportTasks\0\Support.lnk -> hxxp://www.rockstargames.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{BCE00A86-FE58-4113-B7F9-06303C8A7B49}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.lordoftherings.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{B6A05C7F-37F9-4999-84E3-B319558BBB1A}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.rockstargames.com/vicecity/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{B178D511-F435-4E95-8F66-2DD18EE97D23}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{B178D511-F435-4E95-8F66-2DD18EE97D23}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.microsoft.com/games/halo/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{98649785-0298-46DB-B8B4-710C262D8C3B}\SupportTasks\1\Support.lnk -> hxxp://support.vugames.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{98649785-0298-46DB-B8B4-710C262D8C3B}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.thehobbit.sierra.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{6930C793-5244-4D39-AD3A-A4314B3C3FDE}\SupportTasks\1\Support.lnk -> hxxp://techsupport.ea.com/
Shortcut: C:\Users\Jeremy\AppData\Local\Microsoft\Windows\GameExplorer\{6930C793-5244-4D39-AD3A-A4314B3C3FDE}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.lordoftherings.eagames.com/


ShortcutWithArgument: C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G28zamotn17672,a9ace752-2ad7-4b9b-9b7d-415012e99898,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G28zamotn17672,a9ace752-2ad7-4b9b-9b7d-415012e99898,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G28zamotn17672,a9ace752-2ad7-4b9b-9b7d-415012e99898,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G28zamotn17672,a9ace752-2ad7-4b9b-9b7d-415012e99898,


==================== Loaded Modules (Whitelisted) ==============


2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-09-26 15:14 - 2014-09-26 15:14 - 00031344 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-09-26 10:18 - 2014-09-26 10:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2016-04-27 02:10 - 2016-04-27 02:10 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-27 02:24 - 2016-04-27 02:24 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-27 02:10 - 2016-04-27 02:10 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-23 07:00 - 2016-07-23 07:00 - 00959168 _____ () C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-27 02:10 - 2016-04-27 02:10 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-07-04 16:08 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2014-07-04 16:08 - 2006-10-30 16:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2014-09-23 14:54 - 2014-09-23 14:54 - 00551488 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-09-26 15:13 - 2014-09-26 15:13 - 00035464 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00033400 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00034456 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2014-10-20 00:16 - 2014-10-20 00:16 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-10-03 20:55 - 2009-07-24 14:29 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2016-04-27 02:24 - 2016-04-27 02:24 - 00151040 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-27 02:24 - 2016-04-27 02:24 - 18818048 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-07-23 07:00 - 2016-07-23 07:00 - 00679624 _____ () C:\Users\Jeremy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-09-23 14:05 - 2014-09-23 14:05 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2016-07-23 16:24 - 2016-07-23 16:24 - 00098816 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32api.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00110080 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\pywintypes27.dll
2016-07-23 16:24 - 2016-07-23 16:24 - 00364544 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\pythoncom27.dll
2016-07-23 16:24 - 2016-07-23 16:24 - 00320512 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32com.shell.shell.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00776704 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_hashlib.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 01176576 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._core_.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00806400 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._gdi_.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00816128 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._windows_.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 01067008 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._controls_.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00733184 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._misc_.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00682496 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\pysqlite2._sqlite.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00088064 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_ctypes.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00119808 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32file.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00108544 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32security.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00007168 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\hashobjs_ext.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00017920 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\thumbnails_ext.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00088064 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\usb_ext.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00012288 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\common.time34.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00018432 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32event.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00167936 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32gui.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00046080 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_socket.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 01208320 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_ssl.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00128512 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_elementtree.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00127488 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\pyexpat.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00038912 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32inet.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00036864 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_psutil_windows.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00525208 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\windows._lib_cacheinvalidation.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00011264 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32crypt.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00077312 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._html2.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00027136 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_multiprocessing.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00020480 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\_yappi.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00035840 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32process.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00686080 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\unicodedata.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00078848 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._animate.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00123392 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\wx._wizard.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00024064 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32pipe.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00010240 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\select.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00025600 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32pdh.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00017408 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32profile.pyd
2016-07-23 16:24 - 2016-07-23 16:24 - 00022528 ____R () C:\Users\Jeremy\AppData\Local\Temp\_MEI13002\win32ts.pyd


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-3805180030-359751056-14507808-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{4E213881-174E-4692-8B07-4F7F24370A0B}] => (Allow) C:\Windows\System32\DKabcoms.exe
FirewallRules: [{3E171E62-83AA-4A88-9CA4-A94AF9A22C26}] => (Allow) C:\Windows\System32\DKabcoms.exe


==================== Restore Points =========================


ATTENTION: System Restore is disabled


==================== Faulty Device Manager Devices =============


Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.




==================== Event log errors: =========================


Application errors:
==================
Error: (07/27/2016 08:13:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xD0000272
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent


Error: (07/26/2016 08:13:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xD0000272
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent


Error: (07/25/2016 08:13:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xD0000272
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent


Error: (07/24/2016 08:13:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xD0000272
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable


Error: (07/24/2016 05:39:07 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={809C849F-A880-4A8E-B47D-E410FE38BEBF}: The user Samwise\Jeremy dialed a connection named Schwarz which has failed. The error code returned on failure is 651.


Error: (07/24/2016 05:37:01 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5FB42F27-9CE8-4EBB-ACCB-FFE22C841E92}: The user Samwise\Jeremy dialed a connection named Schwarz which has failed. The error code returned on failure is 651.


Error: (07/24/2016 05:36:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xD0000272
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable


Error: (07/24/2016 05:36:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7DB77088-148F-4FA5-9246-CC564D88E827}: The user Samwise\Jeremy dialed a connection named Schwarz which has failed. The error code returned on failure is 0.


Error: (07/24/2016 05:36:20 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A37D9B9E-0347-4AB9-AB2A-6A65FF094B79}: The user Samwise\Jeremy dialed a connection named Schwarz which has failed. The error code returned on failure is 651.


Error: (07/24/2016 05:35:54 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={999ED6D7-C3C7-4843-B3AD-D175EAF8585B}: The user Samwise\Jeremy dialed a connection named Schwarz which has failed. The error code returned on failure is 651.




System errors:
=============
Error: (07/25/2016 06:53:10 AM) (Source: DCOM) (EventID: 10016) (User: Samwise)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SamwiseJeremyS-1-5-21-3805180030-359751056-14507808-1000LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795


Error: (07/24/2016 06:53:21 AM) (Source: DCOM) (EventID: 10016) (User: Samwise)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SamwiseJeremyS-1-5-21-3805180030-359751056-14507808-1000LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795


Error: (07/23/2016 04:22:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (07/23/2016 04:22:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:05:00 PM on 7/23/2016 was unexpected.


Error: (07/23/2016 04:21:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.




Error: (07/23/2016 04:21:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.




Error: (07/23/2016 04:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.




Error: (07/23/2016 04:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.




Error: (07/23/2016 04:16:44 PM) (Source: DCOM) (EventID: 10005) (User: Samwise)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Error: (07/23/2016 04:16:38 PM) (Source: DCOM) (EventID: 10005) (User: Samwise)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}




CodeIntegrity:
===================================
Date: 2016-07-28 15:22:34.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-28 15:22:34.764
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-28 15:22:34.753
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-24 21:26:23.840
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-24 21:26:23.831
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-24 21:26:23.804
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-24 17:59:34.663
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-24 17:59:34.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-24 17:59:34.637
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2016-07-24 17:59:34.629
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.




==================== Memory info ===========================


Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 47%
Total physical RAM: 3991.24 MB
Available physical RAM: 2105.54 MB
Total Virtual: 8343.24 MB
Available Virtual: 6437.01 MB


==================== Drives ================================


Drive c: (Windows) (Fixed) (Total:913.88 GB) (Free:759.99 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9D339448)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=5.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913.9 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
I'll review the logs. You should automatically get notified of responses to a thread that you create. You can confirm if it is set up properly by clicking the Thread Tools link at the top right of the screen and if you see the option to Unsubscribe, then it means you are already subscribed. Maybe the email got stuck in a spam filter? It's also possible that an email didn't go out. It happens but not often.

 
After reviewing your logs, I believe I may see the cause of your issues. If you had HitmanPro.Alert installed prior to upgrading to Windows 10 then this is likely the cause of your troubles upgrading to Windows 10. Here are examples of people with similar issues upgrading to Windows 10 that had this software installed. HitmanPro.Alert Crashes Windows 10 Upgrade | MCB Systems

I also see a Chrome extension named Dealz which I would suspect would be adware and should be removed.
Code:
CHR Extension: (Dealz) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\manaobgbdfpjjjnheogfghmjbikhjnlf [2016-07-22]

Is there a reason that you have System Restore disabled?
Code:
ATTENTION: System Restore is disabled

Lastly, it doesn't appear that your Windows 10 system is activated.
Code:
Error: (07/27/2016 08:13:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
 Description: License Activation (slui.exe) failed with the following error code:
 hr=0xD0000272
 Command-line arguments:
 RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent


What I would suggest you do is the following.

1. Temporarily uninstall HitmanPro.Alert
2. Run the Windows 10 installer again to repair your current installation. No programs or data will be lost in this process. Steps are below.

a. Download the Media Creation Tool and save this to your desktop. Go ahead and run this as well. Note: Click the Download tool now button when you get to this link.
b. Accept the License Agreement
c. Keep the default Upgrade this PC option and click Next.
d. Let this process complete the upgrade to the newest build and let me know when complete.
 
I see Unsubscribe from this thread... in Thread tools for this thread, but I did not receive notification -- either in my inbox or in my spam folder.
FWIW, my email address forwards from Earthlink (which owns the ix.netcom.com domain) to Gmail -- but I saw no evidence of any message from sysnative.com coming through Earthlink's web mail.

I may not have made myself clear -- I *was* able to upgrade to Win10 using media I created (on another machine) with the Media Creation Tool -- even *without* uninstalling HitmanPro Alert. So that was apparently not my problem.

The problem I am having is with connecting to Windows Update after the upgrade to Windows 10.

If the Windows 10 installation is not activated (as seems to be the case), how do I activate it?
I have the Windows 7 license key from the Windows 7 installation that was on this machine when I upgraded to Windows 10.

I am going to guess that the Windows Update download failures are because the Windows 10 installation is not activated.
(Is hosing a system's activation something that could have been done by malware?)

I'll clean out the Dealz adware -- thanks for noticing that.

I also did not disable System Restore. (Again, is that something that could have been done by malware?)
How do I re-enable it, and how can I tell whether it has been correctly enabled after that?

Thanks...
 
> I see Unsubscribe from this thread... in Thread tools for this thread, but I did not receive notification -- either in my inbox or in my spam folder.
> FWIW, my email address forwards from Earthlink (which owns the ix.netcom.com domain) to Gmail -- but I saw no evidence of any message from sysnative.com coming through Earthlink's web mail.

You may want to try a different email temporarily to test if it's not sending or is a communication failure to EarthLink.

> I may not have made myself clear -- I *was* able to upgrade to Win10 using media I created (on another machine) with the Media Creation Tool -- even *without* uninstalling HitmanPro Alert. So that was apparently not my problem.
>
> The problem I am having is with connecting to Windows Update after the upgrade to Windows 10.
>
> If the Windows 10 installation is not activated (as seems to be the case), how do I activate it?
> I have the Windows 7 license key from the Windows 7 installation that was on this machine when I upgraded to Windows 10.
>
> I am going to guess that the Windows Update download failures are because the Windows 10 installation is not activated.
> (Is hosing a system's activation something that could have been done by malware?)

You were clear and I understand that you are on Windows 10. I'm still suggesting that you follow the steps from my previous post after uninstalling Hitman. It acts like a repair install right over the top of your current Windows 10. I believe this may fix your activation/Windows Update issues.

> I also did not disable System Restore. (Again, is that something that could have been done by malware?)
> How do I re-enable it, and how can I tell whether it has been correctly enabled after that?

We'll handle that after the repair install.
 
OK. Should I do the repair install with the Windows 10 media I made on my other machine, or do I need to make new media?
I made the media on my other machine on 7/24/16.
If I need to make new media, I will have to do so on the other machine, because the machine unable to download updates also throws an 80072efd error when I try to bring up the Windows 10 Media Creation Tool.
 
OK, I've done the reinstall, after uninstalling Hitman Pro Alert. (I got a warning when I started setup.exe on the install media that I would lose the ability to revert to Windows 7 by doing so.)
HitmanProAlert was *not* the problem.
I did *not* have the symptoms described in the article you linked to.

Same result re. updates.
I can detect updates, but I can't download them.
I can't activate Windows -- I get error 0xD0000272. According to Microsoft, this is a transient error attempting to reach the activation servers.
I also see transient errors (0x80072EFD) in the Windows Update log encountered by BITS.

I am pretty sure that the malware we removed from Win 7 a few months back set up a phony proxy for Windows Update.
Could there be remnants of that still in the internal configuration data of Windows Update?

I don't seem to be able to turn on System Restore -- the button to do so in the Recovery applet in Control Panel is greyed out.

I do have the license key from the Windows 7 installation, if I have to activate by phone :-(.
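
For the question in the post above about leftover proxy configuration, here is a read-only PowerShell audit of the settings that Windows Update, BITS and activation traffic pass through. It is an added example, not part of the original post and not from anyone in the thread. The helper name Get-RegValues is made up for this example, and the script assumes an elevated PowerShell session on the affected Windows 10 machine.

```powershell
# Read-only audit: nothing below changes the system.
# Run in an elevated PowerShell session on the affected machine.

# Hypothetical helper for this example: read named values from a registry key
# and report '<not set>' instead of failing when the key or value is missing.
function Get-RegValues {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Names
    )
    $row   = [ordered]@{ Key = $Path }
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $Names) {
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $row[$name] = $props.$name
        } else {
            $row[$name] = '<not set>'
        }
    }
    [pscustomobject]$row
}

$inetSettings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyValues  = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

'--- 1. WinHTTP machine-wide proxy ---'
netsh winhttp show proxy

'--- 2. WinINet proxy: current user, LocalSystem (S-1-5-18), machine policy ---'
@(
    "Registry::HKEY_CURRENT_USER\$inetSettings"
    "Registry::HKEY_USERS\S-1-5-18\$inetSettings"
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
) | ForEach-Object { Get-RegValues -Path $_ -Names $proxyValues } | Format-List

'--- 3. Proxy that BITS uses for jobs owned by service accounts ---'
foreach ($account in 'LOCALSYSTEM', 'NETWORKSERVICE', 'LOCALSERVICE') {
    bitsadmin /util /getieproxy $account
}

'--- 4. Windows Update server redirection set by policy ---'
$wuPolicy = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
Get-RegValues -Path $wuPolicy      -Names 'WUServer', 'WUStatusServer' | Format-List
Get-RegValues -Path "$wuPolicy\AU" -Names 'UseWUServer'                | Format-List

'--- 5. Active hosts-file entries (comments and blank lines skipped) ---'
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[^#\s]' }

'--- 6. DNS servers configured per interface ---'
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
```

Any proxy server, auto-config URL, WUServer value, hosts entry or DNS server in the output that is not recognised is a candidate remnant to look into; 0x80072EFD is the HRESULT form of ERROR_INTERNET_CANNOT_CONNECT (12029), which is what a dead proxy or redirect produces.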
 
Correction -- I *am* able to turn on System Restore.
I successfully created a restore point, to verify that it is working.

(FWIW I am seeing 3 volumes offered to turn on System Protection, "SYSTEM", C:, and "Recovery". I think "Recovery" is the factory-reset partition that was on the hard disk when we bought the machine -- would wipe C: and reinstall Win7. "SYSTEM" I think is a holdover from Win7. Curiously, when I look at System Protection configuration for another machine we have that successfully upgraded from Win7 to Win10, I only see C: -- no "SYSTEM" partition. On that machine, when I go into Disk Management I do see the Win7 "SYSTEM" partition only it is not offered to me to turn on System Protection on it.)

Still need to figure out the failure to connect to MS activation and BITS servers though.
See previous post.
 
Thanks for the info. Please do the following.

Step#1 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
4. Click on Scan.
5. After the scan is complete, if you get a message that states "AdwCleaner found no malicious program on your computer!" then you can click OK and then click the Logfile button. Notepad will open with some information. Copy/Paste this into your next reply. No need to continue with the rest of the steps for AdwCleaner.
6. If you don't get that message then click on "Clean"
7. Confirm each time with Ok.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner….txt as well.

Step#2 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will create a restore point and then start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.


Items for your next post
1. Adwcleaner log
2. JRT log

 
AdwCleaner log:

# AdwCleaner v5.201 - Logfile created 02/08/2016 at 09:47:47
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-02.1 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : Jeremy - SAMWISE
# Running from : C:\Users\Jeremy\Desktop\AdwCleaner (1).exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.


***** [ Services ] *****




***** [ Folders ] *****


[-] Folder Deleted : C:\Users\Jeremy\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
[-] Folder Deleted : C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files (x86)\tencent
[#] Folder Deleted : C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files (x86)\Tencent


***** [ Files ] *****


[-] File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.medianewpagesearch.com_0.localstorage
[-] File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.medianewpagesearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_veohb.net_0.localstorage
[-] File Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_veohb.net_0.localstorage-journal


***** [ DLLs ] *****




***** [ WMI ] *****




***** [ Shortcuts ] *****


[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk


***** [ Scheduled tasks ] *****


[-] Task Deleted : ConsumerInputUpdateTaskMachineCore
[-] Task Deleted : ConsumerInputUpdateTaskMachineUA
[-] Task Deleted : Inst_Rep
[-] Task Deleted : PC SpeedUp Service Deactivator
[-] Task Deleted : YTDownloader
[-] Task Deleted : YTDownloaderUpd
[-] Task Deleted : IBUpd


***** [ Registry ] *****


[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BDSWShellExt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreMedia.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
[-] Key Deleted : HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
[-] Key Deleted : HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [DeskBar.exe]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.qq.qmchext
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\.qbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
[#] Value Deleted : HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [wb.exe]
[#] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
[-] Key Deleted : HKEY_CLASSES_ROOT\.qmgc
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
[-] Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\dream.capture
[-] Key Deleted : HKLM\SOFTWARE\Classes\dream.capture.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.bmp
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.dib
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.emf
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.exif
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.gif
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.ico
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.jfif
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.jpe
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.jpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.jpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.png
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.tif
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.tiff
[-] Key Deleted : HKLM\SOFTWARE\Classes\MTview.wmf
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.Registry
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.Registry.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmbfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\qpakfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\QQPCMgr.qbox
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Speedchecker Limited
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\YTDownloader
[-] Key Deleted : HKCU\Software\STA
[-] Key Deleted : HKCU\Software\MICROSOFT\IDSC
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKCU\Software\winmnt
[-] Key Deleted : HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\SmartDNS
[-] Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\DataHelper
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Ebonmedia
[-] Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\blu-ray-player-for-windows.en.softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\veohb.net
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService


***** [ Web browsers ] *****


[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa


*************************


:: "Tracing" keys deleted
:: Winsock settings cleared


*************************


C:\AdwCleaner\AdwCleaner.txt - [15297 bytes] - [02/08/2016 09:47:47]
C:\AdwCleaner\AdwCleaner[C3].txt - [11085 bytes] - [11/09/2015 00:41:53]
C:\AdwCleaner\AdwCleaner[R0].txt - [5952 bytes] - [04/08/2015 22:26:04]
C:\AdwCleaner\AdwCleaner[R1].txt - [1207 bytes] - [05/08/2015 00:13:50]
C:\AdwCleaner\AdwCleaner[S0].txt - [5466 bytes] - [04/08/2015 22:27:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [17722 bytes] - [05/08/2015 00:15:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [10186 bytes] - [11/09/2015 00:40:41]


########## EOF - C:\AdwCleaner\AdwCleaner.txt - [15812 bytes] ##########

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64
Ran by Jeremy (Administrator) on Tue 08/02/2016 at 9:56:17.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/02/2016 at 9:58:16.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
OK, let's focus on your activation issues. Did your machine come with Windows 7 OEM pre-installed or was it a Retail copy of Windows 7 that was installed? What version of Windows 7 was it (i.e. Home, Professional)?
 
It's a refurbished former business machine, which came with Win 7 Pro installed.
There is a license key sticker on it with the license key for the Win 7 Pro for refurbished machines product.
(There's also the license key sticker from its original manufacture, marked as no longer valid because of the refurbishing.)
The Win 10 installation did not prompt for a license key, so it must have found a valid Win 7 Pro installation.
(This was true both times -- the initial install-from-media that I did, and the one you had me redo with HitmanPro Alert uninstalled.)

One thought: is it possible that something destroyed the certificates or encryption keys necessary for a Windows machine to talk to the Windows Update servers?
However, I would not expect the errors I am seeing (0xD00000272 for validation, 0x80072EFD for BITS) in that case -- those appear to be connectivity related errors.
(Unless Windows activation and Windows Update return those errors to unauthorized clients so as not to reveal that the credentials failed authorization?)

The possibility that this really is a connectivity problem leads to a second thought: is it possible that there are remnants of connectivity settings for a phony Windows Update server or proxy still on the machine?
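
A read-only way to check the "leftover proxy or phony update server" hypothesis raised above, as an added PowerShell example that is not part of the original post. It lists the places where a redirect for Windows Update or BITS traffic normally lives; the registry paths and commands are standard Windows ones, and which of them matter on this machine is an assumption.

```powershell
# Read-only audit of settings that can redirect or block Windows Update / BITS traffic.
# Run from an elevated PowerShell prompt. Nothing here modifies the system.

function Get-RegValues {
    param([string]$Path, [string[]]$Names)
    # A missing key or value is reported as $null rather than raising an error.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($n in $Names) {
        $v = if ($item) { $item.$n } else { $null }
        [pscustomobject]@{ Key = $Path; Name = $n; Value = $v }
    }
}

$findings = @()

# 1. WSUS policy: a leftover WUServer with UseWUServer = 1 sends the client
#    to that server instead of Microsoft's.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$findings += Get-RegValues $wu @('WUServer', 'WUStatusServer')
$findings += Get-RegValues "$wu\AU" @('UseWUServer')

# 2. WinINET proxy settings, per user and machine wide.
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($hive in 'HKCU:', 'HKLM:') {
    $findings += Get-RegValues "$hive\$inet" @('ProxyEnable', 'ProxyServer', 'AutoConfigURL')
}

# Show only values that are actually set (non-null, non-zero, non-empty).
$findings |
    Where-Object { $null -ne $_.Value -and $_.Value -ne 0 -and $_.Value -ne '' } |
    Format-Table -AutoSize -Wrap | Out-Host

# 3. WinHTTP proxy, which system services use. Expected: "Direct access (no proxy server)".
netsh winhttp show proxy

# 4. Proxy that BITS uses when running as LocalSystem.
bitsadmin /util /getieproxy localsystem

# 5. hosts file entries that override Microsoft or Windows Update host names.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile |
    Where-Object { $_ -notmatch '^\s*(#|$)' -and $_ -match 'microsoft|windowsupdate' }

# 6. DNS servers per interface; an unfamiliar resolver can misdirect update lookups.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize | Out-Host
```

An empty first table, a WinHTTP result of direct access, no matching hosts lines and only the expected DNS servers would argue against a leftover redirect.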
 
There is a license key sticker on it with the license key for the Win 7 Pro for refurbished machines product.

I wasn't aware that the refurbished keys were eligible for a Windows 10 upgrade? I think the first step is for you to contact Microsoft and get your machine activated or confirm if it qualifies or not.

To start Product Activation:

  • Go to Start, then select Settings, choose Update & security, and then select Activation.
  • If your device is not activated, the Activate by phone option will be available.


Let me know how it goes and what they say.
 
