TechSpot

Computer running sluggish

By NorGitram
Oct 21, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
    Ran by Rena (administrator) on RENA-PC (21-10-2015 17:13:49)
    Running from C:\Users\Rena\Desktop
    Loaded Profiles: Rena (Available Profiles: Rena & DefaultAppPool)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-15] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-15] (Samsung)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-22] (Google Inc.)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [Google Update] => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [Dropbox Update] => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-11-23]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{2fa37fa0-bda4-4a53-bcf9-27a325f26a3d}: [DhcpNameServer] 97.64.168.12 97.64.183.165
    Tcpip\..\Interfaces\{3321d445-571f-48b1-a5d9-57f6a8c5ef3d}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKLM -> {1901F8C0-9737-4C34-A329-752B9D54F2BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {1901F8C0-9737-4C34-A329-752B9D54F2BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3992802703-709660175-4188682519-1000 -> {1901F8C0-9737-4C34-A329-752B9D54F2BA} URL =
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-20] (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-20] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3992802703-709660175-4188682519-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()

    FireFox:
    ========
    FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\2xzp95lq.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3992802703-709660175-4188682519-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3992802703-709660175-4188682519-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3992802703-709660175-4188682519-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-24] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-29] (Microsoft Corporation)
    U2 OneSyncSvc_Session23; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U2 OneSyncSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    U3 PimIndexMaintenanceSvc_Session23; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U3 PimIndexMaintenanceSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
    U3 UnistoreSvc_Session23; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U3 UnistoreSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    U3 UserDataSvc_Session23; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U3 UserDataSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-29] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-29] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-21] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-29] (Microsoft Corporation)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-21 17:13 - 2015-10-21 17:15 - 00020945 _____ C:\Users\Rena\Desktop\FRST.txt
    2015-10-21 17:13 - 2015-10-21 17:13 - 00000000 ____D C:\FRST
    2015-10-21 17:07 - 2015-10-21 17:13 - 02196480 _____ (Farbar) C:\Users\Rena\Desktop\FRST64.exe
    2015-10-21 17:02 - 2015-10-21 17:02 - 00016148 _____ C:\WINDOWS\system32\RENA-PC_Rena_HistoryPrediction.bin
    2015-10-18 17:27 - 2015-10-10 01:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-10-18 17:27 - 2015-10-10 01:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-10-18 17:27 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-10-18 17:27 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-10-18 17:27 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-10-18 17:27 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-10-18 17:27 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-10-18 17:27 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-10-18 17:27 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-10-18 17:27 - 2015-09-24 22:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-10-18 17:27 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-10-18 17:27 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-10-18 17:27 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-10-18 17:27 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-10-18 17:27 - 2015-09-24 21:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-10-18 17:27 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-10-18 17:27 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-10-18 17:27 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-10-18 17:26 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-10-18 17:26 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-10-18 17:26 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-10-18 17:26 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-10-18 17:26 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-10-18 17:26 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-10-18 17:26 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-10-18 17:26 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2015-10-18 17:26 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2015-10-18 17:26 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2015-10-18 17:26 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-10-18 17:26 - 2015-09-24 22:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-10-18 17:26 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-10-18 17:26 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2015-10-18 17:26 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2015-10-18 17:26 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-10-18 17:26 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-10-18 17:26 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2015-10-18 17:26 - 2015-09-24 22:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-10-18 17:26 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2015-10-18 17:26 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-10-18 17:26 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2015-10-18 17:26 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation)
     
  2. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2015-10-18 17:26 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-10-18 17:26 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2015-10-18 17:26 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2015-10-18 17:26 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-10-18 17:26 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2015-10-18 17:26 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-10-18 17:26 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-10-18 17:26 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2015-10-18 17:26 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2015-10-18 17:26 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2015-10-18 17:26 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-10-18 17:26 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2015-10-17 15:58 - 2015-10-17 15:58 - 00070214 _____ C:\Users\Rena\Downloads\UserFile
    2015-10-16 13:39 - 2015-10-16 13:39 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-10-04 07:35 - 2015-10-04 07:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-10-03 03:58 - 2015-10-03 03:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-10-03 03:57 - 2015-10-03 03:58 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-10-03 03:57 - 2015-10-03 03:57 - 00000000 ____D C:\Program Files\iPod
    2015-10-03 03:55 - 2015-10-03 03:55 - 00000000 ____D C:\Program Files\Bonjour
    2015-10-03 03:55 - 2015-10-03 03:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-10-03 03:54 - 2015-10-03 03:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2015-10-03 03:54 - 2015-10-03 03:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-10-01 17:40 - 2015-09-17 01:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-10-01 17:40 - 2015-09-17 01:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2015-10-01 17:40 - 2015-09-17 01:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2015-10-01 17:40 - 2015-09-17 01:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-10-01 17:40 - 2015-09-17 01:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2015-10-01 17:40 - 2015-09-17 01:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2015-10-01 17:40 - 2015-09-17 01:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
    2015-10-01 17:40 - 2015-09-17 01:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2015-10-01 17:40 - 2015-09-17 01:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-10-01 17:40 - 2015-09-17 01:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-10-01 17:40 - 2015-09-17 01:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-10-01 17:40 - 2015-09-17 01:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-10-01 17:40 - 2015-09-17 01:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2015-10-01 17:40 - 2015-09-17 01:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2015-10-01 17:40 - 2015-09-17 01:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2015-10-01 17:40 - 2015-09-17 01:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 01:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2015-10-01 17:40 - 2015-09-17 01:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-10-01 17:40 - 2015-09-17 01:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-10-01 17:40 - 2015-09-17 01:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2015-10-01 17:40 - 2015-09-17 01:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-10-01 17:40 - 2015-09-17 01:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-10-01 17:40 - 2015-09-17 01:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-10-01 17:40 - 2015-09-17 01:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-10-01 17:40 - 2015-09-17 01:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-10-01 17:40 - 2015-09-17 01:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-10-01 17:40 - 2015-09-17 01:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2015-10-01 17:40 - 2015-09-17 01:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-10-01 17:40 - 2015-09-17 01:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2015-10-01 17:40 - 2015-09-17 01:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2015-10-01 17:40 - 2015-09-17 01:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2015-10-01 17:40 - 2015-09-17 01:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-10-01 17:40 - 2015-09-17 01:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-10-01 17:40 - 2015-09-17 01:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-10-01 17:40 - 2015-09-17 01:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
    2015-10-01 17:40 - 2015-09-17 00:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2015-10-01 17:40 - 2015-09-17 00:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-10-01 17:40 - 2015-09-17 00:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2015-10-01 17:40 - 2015-09-17 00:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-10-01 17:40 - 2015-09-17 00:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2015-10-01 17:40 - 2015-09-17 00:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-10-01 17:40 - 2015-09-17 00:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2015-10-01 17:40 - 2015-09-17 00:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2015-10-01 17:40 - 2015-09-17 00:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2015-10-01 17:40 - 2015-09-17 00:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-10-01 17:40 - 2015-09-17 00:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2015-10-01 17:40 - 2015-09-17 00:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-10-01 17:40 - 2015-09-17 00:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2015-10-01 17:40 - 2015-09-17 00:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2015-10-01 17:40 - 2015-09-17 00:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2015-10-01 17:40 - 2015-09-17 00:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2015-10-01 17:40 - 2015-09-17 00:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-10-01 17:40 - 2015-09-17 00:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2015-10-01 17:40 - 2015-09-17 00:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-10-01 17:40 - 2015-09-17 00:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-10-01 17:40 - 2015-09-17 00:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2015-10-01 17:40 - 2015-09-17 00:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-10-01 17:40 - 2015-09-17 00:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-10-01 17:40 - 2015-09-17 00:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2015-10-01 17:40 - 2015-09-17 00:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2015-10-01 17:40 - 2015-09-17 00:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2015-10-01 17:40 - 2015-09-17 00:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2015-10-01 17:40 - 2015-09-17 00:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2015-10-01 17:40 - 2015-09-17 00:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2015-10-01 17:40 - 2015-09-17 00:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2015-10-01 17:40 - 2015-09-17 00:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2015-10-01 17:40 - 2015-09-17 00:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2015-10-01 17:40 - 2015-09-17 00:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-10-01 17:40 - 2015-09-17 00:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2015-10-01 17:40 - 2015-09-17 00:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2015-10-01 17:40 - 2015-09-12 21:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-10-01 17:40 - 2015-09-12 20:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-10-01 17:39 - 2015-09-19 00:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2015-10-01 17:39 - 2015-09-17 01:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-10-01 17:39 - 2015-09-17 01:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2015-10-01 17:39 - 2015-09-17 01:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-10-01 17:39 - 2015-09-17 01:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2015-10-01 17:39 - 2015-09-17 01:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-10-01 17:39 - 2015-09-17 01:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-10-01 17:39 - 2015-09-17 01:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2015-10-01 17:39 - 2015-09-17 01:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-10-01 17:39 - 2015-09-17 01:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
    2015-10-01 17:39 - 2015-09-17 01:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2015-10-01 17:39 - 2015-09-17 01:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2015-10-01 17:39 - 2015-09-17 01:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2015-10-01 17:39 - 2015-09-17 01:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-10-01 17:39 - 2015-09-17 01:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-10-01 17:39 - 2015-09-17 01:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-10-01 17:39 - 2015-09-17 01:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2015-10-01 17:39 - 2015-09-17 00:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2015-10-01 17:39 - 2015-09-17 00:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2015-10-01 17:39 - 2015-09-17 00:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2015-10-01 17:39 - 2015-09-17 00:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-10-01 17:39 - 2015-09-17 00:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-10-01 17:39 - 2015-09-17 00:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
    2015-10-01 17:39 - 2015-09-17 00:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2015-10-01 17:39 - 2015-09-17 00:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-10-01 17:39 - 2015-09-17 00:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2015-10-01 17:39 - 2015-09-17 00:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-10-01 17:39 - 2015-09-17 00:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
    2015-10-01 17:39 - 2015-09-17 00:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
    2015-10-01 17:39 - 2015-09-17 00:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-10-01 17:39 - 2015-09-17 00:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
    2015-10-01 17:39 - 2015-09-17 00:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2015-10-01 17:39 - 2015-09-17 00:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2015-10-01 17:39 - 2015-09-17 00:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
    2015-10-01 17:39 - 2015-09-17 00:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-10-01 17:39 - 2015-09-17 00:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-10-01 17:39 - 2015-09-17 00:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
    2015-10-01 17:39 - 2015-09-17 00:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2015-09-30 12:32 - 2015-09-30 12:32 - 366087871 _____ C:\WINDOWS\MEMORY.DMP
    2015-09-30 12:32 - 2015-09-30 12:32 - 00277560 _____ C:\WINDOWS\Minidump\093015-22984-01.dmp
    2015-09-30 12:32 - 2015-09-30 12:32 - 00000000 ____D C:\WINDOWS\Minidump
    2015-09-27 09:19 - 2015-09-27 09:19 - 00010240 _____ C:\Users\Rena\Documents\coverlettercurrent.wps

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-21 17:06 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-10-21 17:03 - 2015-07-29 13:32 - 00006812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-10-21 17:03 - 2015-07-25 12:26 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job
    2015-10-21 17:03 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-10-21 17:02 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
    2015-10-21 17:02 - 2014-11-19 12:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-10-21 14:25 - 2015-07-30 12:17 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{39A1A474-E8BF-4B8B-BCD5-EF89D272294F}
    2015-10-21 14:25 - 2015-07-18 08:00 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job
    2015-10-21 14:22 - 2014-01-22 15:46 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-21 12:48 - 2014-01-22 15:46 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-21 12:46 - 2013-12-30 18:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-10-21 12:03 - 2015-02-28 03:03 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Apple Computer
    2015-10-21 11:37 - 2015-07-25 12:26 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job
    2015-10-20 23:31 - 2015-07-29 13:27 - 00022200 _____ C:\WINDOWS\PFRO.log
    2015-10-20 23:31 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-10-20 23:31 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-10-20 21:36 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-10-20 20:38 - 2014-10-17 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-10-20 20:37 - 2015-08-22 06:23 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-10-20 20:37 - 2015-08-22 06:23 - 00000000 ____D C:\Users\Rena\.oracle_jre_usage
    2015-10-20 20:36 - 2015-08-22 06:22 - 00000000 ____D C:\Program Files (x86)\Java
    2015-10-20 09:50 - 2014-08-13 18:07 - 00000000 ____D C:\Users\Rena\AppData\Local\Packages
    2015-10-19 15:09 - 2015-07-10 06:00 - 00000922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
    2015-10-19 15:09 - 2014-12-02 06:04 - 00000000 ____D C:\AdwCleaner
    2015-10-18 21:21 - 2015-07-29 13:34 - 00000000 ____D C:\Users\Rena
    2015-10-18 21:17 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-10-18 17:59 - 2010-03-24 13:28 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-18 17:56 - 2014-08-15 10:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-10-18 17:48 - 2014-08-15 10:06 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-10-17 15:52 - 2014-01-20 16:46 - 00003924 _____ C:\Users\Rena\AppData\Roaming\wklnhst.dat
    2015-10-17 15:51 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2015-10-17 13:00 - 2014-03-01 08:16 - 00003260 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRENA-PC$
    2015-10-17 13:00 - 2014-03-01 08:16 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRENA-PC$.job
    2015-10-16 20:59 - 2015-07-10 07:20 - 00023740 _____ C:\WINDOWS\setupact.log
    2015-10-16 13:39 - 2014-03-01 08:44 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Dropbox
    2015-10-16 13:08 - 2014-11-23 06:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-16 13:07 - 2014-12-31 10:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-10-16 12:58 - 2015-02-18 11:33 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-16 12:58 - 2014-11-19 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-16 12:58 - 2014-11-19 12:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-15 22:10 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-10-15 22:10 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-09 07:01 - 2015-02-28 03:03 - 00000000 ____D C:\Users\Rena\AppData\Local\Apple Computer
    2015-10-09 06:52 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-10-08 14:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-10-07 02:25 - 2015-07-18 08:00 - 00000868 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job
    2015-10-05 09:50 - 2014-11-19 12:16 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-10-05 09:50 - 2014-11-19 12:16 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-10-05 09:50 - 2014-11-19 12:16 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-10-04 07:37 - 2014-07-06 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2015-10-03 11:33 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-10-03 03:58 - 2015-02-28 03:02 - 00000000 ____D C:\Program Files\iTunes
    2015-10-03 03:57 - 2015-02-28 02:59 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-10-03 03:54 - 2015-02-28 03:00 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
    2015-10-02 08:51 - 2014-01-18 20:35 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
    2015-10-01 05:17 - 2015-07-29 14:11 - 00002368 _____ C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-10-01 05:17 - 2015-07-29 14:11 - 00000000 ___RD C:\Users\Rena\OneDrive
    2015-09-30 18:24 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-09-29 06:35 - 2015-07-10 07:20 - 00276824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-09-29 06:30 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-29 06:28 - 2014-12-21 04:47 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRena.job
    2015-09-27 07:15 - 2014-07-14 08:37 - 00009728 _____ C:\Users\Rena\Documents\cover letter.wps
    2015-09-25 08:21 - 2014-12-21 04:47 - 00003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRena
    2015-09-24 00:45 - 2014-01-22 15:46 - 00000000 ____D C:\Users\Rena\AppData\Local\Google

    ==================== Files in the root of some directories =======

    2014-07-06 15:19 - 2014-11-19 11:43 - 0000153 _____ () C:\Users\Rena\AppData\Roaming\WB.CFG
    2014-01-20 16:46 - 2015-10-17 15:52 - 0003924 _____ () C:\Users\Rena\AppData\Roaming\wklnhst.dat
    2014-08-02 13:48 - 2014-08-02 13:48 - 0003584 _____ () C:\Users\Rena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-12-30 01:47 - 2015-10-21 14:22 - 0000191 _____ () C:\ProgramData\HPWALog.txt
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-03-24 14:30 - 2010-03-24 14:30 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-03-24 03:28 - 2010-03-24 03:28 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-03-24 14:24 - 2010-03-24 14:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-03-24 03:28 - 2010-03-24 03:28 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-03-24 14:24 - 2010-03-24 14:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-03-24 14:25 - 2010-03-24 14:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Some files in TEMP:
    ====================
    C:\Users\Rena\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Rena\AppData\Local\Temp\mpgjfx68.dll
    C:\Users\Rena\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rena\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-21 08:42

    ==================== End of FRST.txt ============================
     
  3. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
    Ran by Rena (2015-10-21 17:16:08)
    Running from C:\Users\Rena\Desktop
    Windows 10 Home (X64) (2015-07-29 19:04:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3992802703-709660175-4188682519-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3992802703-709660175-4188682519-503 - Limited - Disabled)
    Guest (S-1-5-21-3992802703-709660175-4188682519-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3992802703-709660175-4188682519-1002 - Limited - Enabled)
    Rena (S-1-5-21-3992802703-709660175-4188682519-1000 - Administrator - Enabled) => C:\Users\Rena

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)
    CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Dropbox (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Photos Backup (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Google Photos Backup) (Version: 1.1.1.259 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
    HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
    Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PHD 2 version 2.2.1 (HKLM-x32\...\PHD 2_is1) (Version: 2.2.1 - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.18 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
    QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
    Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
    ShopAtHome.com Toolbar (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION
    SSAG 4.0 Drivers (HKLM-x32\...\Orion StarShoot Autoguider Drivers (including PH~77786628_is1) (Version: 4.0 - Orion)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Unity Web Player (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
    VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
    Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
    Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File

    ==================== Restore Points =========================

    02-10-2015 06:56:56 Scheduled Checkpoint
    10-10-2015 09:28:58 Windows Backup
    18-10-2015 17:45:18 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-08-15 09:03 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BC7528-DED5-4E4B-B1E4-3DF4C3941CD7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {042FE20A-0ABA-417B-8FEF-5A9FFC1544FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-09-22] (Microsoft)
    Task: {071D6AF5-93B4-4EB0-BEB9-C860F607E658} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {0A1BF346-88EA-4C5F-B65E-B6367CCCA35A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {0C9FD0F6-15B5-427D-80D3-CAB7BF0EECB5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {0F5D7BE0-97F1-43D2-B74C-7C8642266886} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {1527C4DA-53F5-4CDC-84F6-A39A52AD9BA5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {1649C22E-B10D-4396-8A4E-D33E63C525B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {1BA543D8-6F00-4EAF-B958-F1C49B786F11} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {1F581872-2E56-43DA-BD40-BB12672D2F45} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {2345BBA5-5879-4BC4-A82C-E08CD464EB30} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {23A50BD5-C462-4A78-8756-0B3CECE3FC4E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {243BB742-F17E-43B1-9600-F631633AB2B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {24C76337-5F8C-4550-A5D7-931E11B74B95} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {2D2E3815-E1E3-4D7A-ADDA-C55CEFD95E1B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {30C6DE8B-65EE-4076-872D-3CE2CB1002F8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {34B0F8D3-7DA2-41A2-97D5-D409A2EF28AA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {3AF93EB7-ABB0-4DBC-B09A-D986B8A87D54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {4312144E-4AD9-4D94-9171-CF81207474E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {50CC1035-0C25-4D94-BD47-0FE54A02FACE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-18] (Microsoft Corporation)
    Task: {5345CC65-108F-4B75-8C41-A01618F2B05F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {55F75CD8-D123-498D-A608-1C213E104320} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {56505324-9C80-48C3-8A98-59B330AB9CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {583C55BF-2C3E-4C48-9AD5-4540F2F36921} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {63B9018F-CA54-42B2-9FB6-65F6082653BA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {64184870-BE68-4CD6-8663-F59DA16513A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {678A6707-169C-435C-9352-3DFF8ECDD233} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
    Task: {6CB1C3EA-08B1-4FAE-8E82-2E47A3C34BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {72DD56C8-4708-4AD6-891E-85C5BA751D6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {76155563-B5FC-4685-9656-F82C765E6938} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {786A82A5-4E54-4522-AFEC-9ABA973841AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7F8034CB-F870-48FF-9A27-8E5B6D3DAB38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {83C42C14-F063-40DF-8C22-67D1DB2B7F53} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
    Task: {8D3116C6-278A-42D9-B16B-C3F78BE9FD7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {8EF0C711-AF4C-4BA1-975F-A7D8C9A7BC88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
    Task: {945F516B-225D-4905-B9C4-CB2D488B0392} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {969F4A1F-17BC-413A-8616-A751C4B5290C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
    Task: {9802F36E-8FB7-40F0-8583-6BD4743AEC16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {9A93946D-3252-4518-A3F1-F0D0B139357E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9C5C00B8-BE9E-473F-967E-FB343DF60343} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {A0718309-68B3-4A3C-BD7E-FF74CD5B90ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {B23BC103-DFD3-497F-8E08-04D3303185A0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {B9EE0286-9D29-4C66-9C51-18ED443FD6AE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {BC50F3D8-4945-45CD-9790-879C2B552B63} - System32\Tasks\HPCeeScheduleForRENA-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {CF6D9A3E-859E-4FE0-B824-70640C36EC81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {D00F706C-36B4-4F5C-9270-53BB158F8AFD} - System32\Tasks\HPCeeScheduleForRena => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {D231481E-B3B5-4673-B462-0850B0FA30F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {D33F9457-3766-4FA0-B5DF-7EDECCACF31F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D92B21F8-68BB-45AD-9C2E-3962DC5A636D} - System32\Tasks\{F09E2938-BA9F-4E6C-8593-EC872CA29342} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
    Task: {DA0FB318-5E67-4F81-B698-14EC1D1D7AFD} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
    Task: {DCE565A5-4AA9-4CEB-99DC-75B4CCB1A122} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {F3F90119-C64F-4F63-A221-A0D639632A9D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {F960C79F-936D-4B50-8828-F5FD6AE3B20F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForRENA-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForRena.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-07-29 15:17 - 2015-07-29 15:17 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-02-13 06:20 - 2015-02-13 06:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-23 17:47 - 2015-09-23 17:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-19 06:53 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2010-03-24 14:30 - 2009-07-06 14:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2015-10-01 17:40 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
    2015-10-01 17:39 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-10-01 17:39 - 2015-09-17 00:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-10-01 17:40 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-10-01 17:39 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    2010-02-22 13:19 - 2010-02-22 13:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-02-22 13:19 - 2010-02-22 13:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-02-22 13:19 - 2010-02-22 13:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Rena\Downloads\resume Rena (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\Rena\Downloads\resume Rena.eml:OECustomProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\StartupApproved\Run: => "Dropbox Update"
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\StartupApproved\Run: => "KiesPreload"
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [UDP Query User{F214B16C-3EED-45CB-8318-DC1F603BDB37}C:\program files (x86)\phdguiding2\phd2.exe] => (Allow) C:\program files (x86)\phdguiding2\phd2.exe
    FirewallRules: [TCP Query User{D34CC04C-8448-4FA8-8F32-C48CE0FD5013}C:\program files (x86)\phdguiding2\phd2.exe] => (Allow) C:\program files (x86)\phdguiding2\phd2.exe
    FirewallRules: [UDP Query User{F882FE46-4394-4A4F-AA4C-3547E6EE170C}C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{F4BBC4B3-BC32-4C11-91BA-EBD29891762A}C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{63C995B2-35BF-4FF5-8628-4DA88BA060D7}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
    FirewallRules: [{3F13CB83-6A67-45F7-99D3-3710CC4A4A49}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
    FirewallRules: [{E7A2D84A-B588-446C-A83B-D079F87B0D8B}] => (Allow) C:\Users\Rena\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{AA75F44F-8F6E-47F3-9449-FEA3B3FDECD7}] => (Allow) C:\Users\Rena\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{A2937BC7-163A-4D13-97A7-81E707FAB960}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
    FirewallRules: [{89C9B58B-112C-4192-9CAF-4910910E50E5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
    FirewallRules: [{126E4740-E2D9-428A-8324-FA72FC064952}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{7B0924B8-6B1C-43BE-B022-64A27E3CAB09}] => (Allow) svchost.exe
    FirewallRules: [{5F48C91A-91E7-43F9-9336-8A1BB855B603}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{A1DFE63E-EB30-4B30-B265-F87A8F85B274}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{6A731958-6E29-47C6-9265-2324881477CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1B79A7C8-0F83-42BC-949C-0FD600A0EE22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B88AD3EA-54B3-4B29-A357-2799E03EB869}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{280D9745-3E16-4C2E-B121-4CE951C7CB2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6FB1377D-0626-47A2-A196-221DA425724F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{31E7E955-47C6-429B-A621-CF89F2146884}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/21/2015 05:03:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/21/2015 05:03:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/21/2015 02:25:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/21/2015 02:25:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/21/2015 12:51:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RENA-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (10/21/2015 10:25:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/21/2015 10:25:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/21/2015 07:48:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (10/21/2015 07:48:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (10/20/2015 11:36:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


    System errors:
    =============
    Error: (10/21/2015 02:37:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (10/21/2015 12:51:48 PM) (Source: DCOM) (EventID: 10010) (User: RENA-PC)
    Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

    Error: (10/21/2015 12:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/21/2015 12:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/21/2015 12:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/21/2015 12:51:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/21/2015 09:18:57 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (10/21/2015 07:47:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (10/21/2015 12:23:36 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (10/20/2015 11:32:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4


    CodeIntegrity:
    ===================================
    Date: 2015-10-21 17:15:38.963
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 17:15:38.900
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 17:09:45.066
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 17:09:45.014
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 12:46:26.609
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 12:46:26.579
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 12:46:26.550
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 12:46:18.685
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 12:46:18.656
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-21 12:46:12.732
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    Percentage of memory in use: 65%
    Total physical RAM: 3002.92 MB
    Available physical RAM: 1036.31 MB
    Total Virtual: 6074.92 MB
    Available Virtual: 3821.65 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:283.76 GB) (Free:221.95 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.03 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 79120785)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=283.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    RogueKiller V10.11.2.0 [Oct 20 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10240) 64 bits version
    Started in : Normal mode
    User : Rena [Administrator]
    Started from : C:\Users\Rena\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 10/22/2015 04:03:05

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS725032A9A364 +++++
    --- User ---
    [MBR] d258270596fb602979e38852f40e2ab4
    [BSP] d19a37407bae7e655e714cb1e422dea4 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 290575 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 595507200 | Size: 14366 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
    User = LL1 ... OK
    User = LL2 ... OK

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/22/2015
    Scan Time: 5:00 AM
    Logfile: Malwarebytes.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.10.22.02
    Rootkit Database: v2015.10.16.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Rena

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 441861
    Time Elapsed: 27 min, 58 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v5.014 - Logfile created 22/10/2015 at 05:43:45
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Rena - RENA-PC
    # Running from : C:\Users\Rena\Desktop\adwcleaner_5.014.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\rrealedeaal
    [-] Folder Deleted : C:\Program Files (x86)\sAivEEr bOx
    [-] Folder Deleted : C:\Program Files (x86)\suorfkeepiT
    [-] Folder Deleted : C:\Users\Rena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gngleajibakognjajnljegplgcedafke
    [!] Folder Not Deleted : C:\Users\Rena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gngleajibakognjajnljegplgcedafke
    [-] Folder Deleted : C:\Users\Rena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
    [-] Folder Deleted : C:\Users\Rena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gngleajibakognjajnljegplgcedafke
    [!] Folder Not Deleted : C:\Users\Rena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gngleajibakognjajnljegplgcedafke
    [-] Folder Deleted : C:\Users\Rena\AppData\LocalLow\HPAppData

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\34167168-7e9d-4bd0-a485-ec1234137581
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06A16622-19D9-47E8-9FEC-6CA8CF275BD7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0B41B972-09C0-4406-B15C-0310E138F2F1}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{398035F8-0621-4534-AEF6-B5592A68F6D8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{529B4045-715C-46E7-BC81-81E3AAEC9060}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0676B02-1367-4651-88C0-28DCC456365F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B7B60F9D-F1E4-4694-9A40-1538EA07A795}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BCF02409-9333-44E7-96E8-01890EA9D58E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CC748B11-E10D-4C87-9A24-93E429FDD1FD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FFED91AD-6369-48F5-B351-2A42D09CB27C}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{89449F37-4AB2-46ED-A566-BB3A7797701B}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8E56A02B-46FE-4490-B169-F16E5231533B}]
    [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    [!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    [-] Key Deleted : HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    [!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

    ***** [ Web browsers ] *****


    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [4708 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 10 Home x64
    Ran by Rena on Thu 10/22/2015 at 5:49:36.70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 10/22/2015 at 5:53:47.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  7. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
    Ran by Rena (administrator) on RENA-PC (23-10-2015 04:25:49)
    Running from C:\Users\Rena\Desktop
    Loaded Profiles: Rena (Available Profiles: Rena & DefaultAppPool)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-15] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-15] (Samsung)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-22] (Google Inc.)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [Google Update] => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Run: [Dropbox Update] => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-11-23]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{2fa37fa0-bda4-4a53-bcf9-27a325f26a3d}: [DhcpNameServer] 97.64.168.12 97.64.183.165
    Tcpip\..\Interfaces\{3321d445-571f-48b1-a5d9-57f6a8c5ef3d}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKLM -> {1901F8C0-9737-4C34-A329-752B9D54F2BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {1901F8C0-9737-4C34-A329-752B9D54F2BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3992802703-709660175-4188682519-1000 -> {1901F8C0-9737-4C34-A329-752B9D54F2BA} URL =
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-20] (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-20] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3992802703-709660175-4188682519-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()

    FireFox:
    ========
    FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\2xzp95lq.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3992802703-709660175-4188682519-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3992802703-709660175-4188682519-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3992802703-709660175-4188682519-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-24] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-29] (Microsoft Corporation)
    U2 OneSyncSvc_Session23; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U2 OneSyncSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    U3 PimIndexMaintenanceSvc_Session23; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U3 PimIndexMaintenanceSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
    S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
    S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
    U3 UnistoreSvc_Session23; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U3 UnistoreSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    U3 UserDataSvc_Session23; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
    U3 UserDataSvc_Session23; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-29] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-29] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-22] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-29] (Microsoft Corporation)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-22] ()
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 04:25 - 2015-10-23 04:26 - 00019877 _____ C:\Users\Rena\Desktop\FRST.txt
    2015-10-23 04:23 - 2015-10-23 04:23 - 00016148 _____ C:\WINDOWS\system32\RENA-PC_Rena_HistoryPrediction.bin
    2015-10-22 05:53 - 2015-10-22 05:53 - 00000727 _____ C:\Users\Rena\Desktop\JRT.txt
    2015-10-22 05:47 - 2015-10-22 05:47 - 00004787 _____ C:\Users\Rena\Desktop\AdwCleaner[C4].txt
    2015-10-22 04:57 - 2015-10-22 05:38 - 00001047 _____ C:\Users\Rena\Desktop\Malwarebytes.txt
    2015-10-22 04:03 - 2015-10-22 04:03 - 00003186 _____ C:\Users\Rena\Desktop\RK.txt
    2015-10-22 03:46 - 2015-10-22 05:49 - 01801288 _____ (Malwarebytes) C:\Users\Rena\Desktop\JRT.exe
    2015-10-22 03:45 - 2015-10-22 05:40 - 01691648 _____ C:\Users\Rena\Desktop\adwcleaner_5.014.exe
    2015-10-22 03:43 - 2015-10-22 03:47 - 18838088 _____ C:\Users\Rena\Desktop\RogueKiller.exe
    2015-10-21 17:13 - 2015-10-23 04:25 - 00000000 ____D C:\FRST
    2015-10-21 17:07 - 2015-10-21 17:13 - 02196480 _____ (Farbar) C:\Users\Rena\Desktop\FRST64.exe
    2015-10-18 17:27 - 2015-10-10 01:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-10-18 17:27 - 2015-10-10 01:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-10-18 17:27 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-10-18 17:27 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-10-18 17:27 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-10-18 17:27 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-10-18 17:27 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-10-18 17:27 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-10-18 17:27 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-10-18 17:27 - 2015-09-24 22:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-10-18 17:27 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-10-18 17:27 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-10-18 17:27 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-10-18 17:27 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-10-18 17:27 - 2015-09-24 21:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-10-18 17:27 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-10-18 17:27 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-10-18 17:27 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-10-18 17:26 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-10-18 17:26 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-10-18 17:26 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-10-18 17:26 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-10-18 17:26 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-10-18 17:26 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-10-18 17:26 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-10-18 17:26 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2015-10-18 17:26 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2015-10-18 17:26 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2015-10-18 17:26 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-10-18 17:26 - 2015-09-24 22:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-10-18 17:26 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-10-18 17:26 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2015-10-18 17:26 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2015-10-18 17:26 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-10-18 17:26 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-10-18 17:26 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2015-10-18 17:26 - 2015-09-24 22:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-10-18 17:26 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2015-10-18 17:26 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-10-18 17:26 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2015-10-18 17:26 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2015-10-18 17:26 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2015-10-18 17:26 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-10-18 17:26 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2015-10-18 17:26 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2015-10-18 17:26 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-10-18 17:26 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2015-10-18 17:26 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-10-18 17:26 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-10-18 17:26 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2015-10-18 17:26 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2015-10-18 17:26 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2015-10-18 17:26 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2015-10-18 17:26 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-10-18 17:26 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2015-10-17 15:58 - 2015-10-17 15:58 - 00070214 _____ C:\Users\Rena\Downloads\UserFile
    2015-10-16 13:39 - 2015-10-16 13:39 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
     
  8. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    2015-10-04 07:35 - 2015-10-04 07:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-10-03 03:58 - 2015-10-03 03:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-10-03 03:57 - 2015-10-03 03:58 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-10-03 03:57 - 2015-10-03 03:57 - 00000000 ____D C:\Program Files\iPod
    2015-10-03 03:55 - 2015-10-03 03:55 - 00000000 ____D C:\Program Files\Bonjour
    2015-10-03 03:55 - 2015-10-03 03:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-10-03 03:54 - 2015-10-03 03:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2015-10-03 03:54 - 2015-10-03 03:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-10-01 17:40 - 2015-09-17 01:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-10-01 17:40 - 2015-09-17 01:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2015-10-01 17:40 - 2015-09-17 01:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2015-10-01 17:40 - 2015-09-17 01:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-10-01 17:40 - 2015-09-17 01:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2015-10-01 17:40 - 2015-09-17 01:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2015-10-01 17:40 - 2015-09-17 01:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
    2015-10-01 17:40 - 2015-09-17 01:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2015-10-01 17:40 - 2015-09-17 01:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-10-01 17:40 - 2015-09-17 01:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2015-10-01 17:40 - 2015-09-17 01:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-10-01 17:40 - 2015-09-17 01:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-10-01 17:40 - 2015-09-17 01:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-10-01 17:40 - 2015-09-17 01:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2015-10-01 17:40 - 2015-09-17 01:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2015-10-01 17:40 - 2015-09-17 01:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2015-10-01 17:40 - 2015-09-17 01:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2015-10-01 17:40 - 2015-09-17 01:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 01:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-10-01 17:40 - 2015-09-17 01:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2015-10-01 17:40 - 2015-09-17 01:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-10-01 17:40 - 2015-09-17 01:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-10-01 17:40 - 2015-09-17 01:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2015-10-01 17:40 - 2015-09-17 01:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-10-01 17:40 - 2015-09-17 01:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-10-01 17:40 - 2015-09-17 01:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-10-01 17:40 - 2015-09-17 01:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-10-01 17:40 - 2015-09-17 01:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-10-01 17:40 - 2015-09-17 01:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-10-01 17:40 - 2015-09-17 01:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2015-10-01 17:40 - 2015-09-17 01:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-10-01 17:40 - 2015-09-17 01:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2015-10-01 17:40 - 2015-09-17 01:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2015-10-01 17:40 - 2015-09-17 01:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2015-10-01 17:40 - 2015-09-17 01:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-10-01 17:40 - 2015-09-17 01:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-10-01 17:40 - 2015-09-17 01:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-10-01 17:40 - 2015-09-17 01:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
    2015-10-01 17:40 - 2015-09-17 00:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2015-10-01 17:40 - 2015-09-17 00:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2015-10-01 17:40 - 2015-09-17 00:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-10-01 17:40 - 2015-09-17 00:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2015-10-01 17:40 - 2015-09-17 00:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2015-10-01 17:40 - 2015-09-17 00:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-10-01 17:40 - 2015-09-17 00:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2015-10-01 17:40 - 2015-09-17 00:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-10-01 17:40 - 2015-09-17 00:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-10-01 17:40 - 2015-09-17 00:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-10-01 17:40 - 2015-09-17 00:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2015-10-01 17:40 - 2015-09-17 00:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2015-10-01 17:40 - 2015-09-17 00:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2015-10-01 17:40 - 2015-09-17 00:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-10-01 17:40 - 2015-09-17 00:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2015-10-01 17:40 - 2015-09-17 00:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-10-01 17:40 - 2015-09-17 00:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2015-10-01 17:40 - 2015-09-17 00:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2015-10-01 17:40 - 2015-09-17 00:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2015-10-01 17:40 - 2015-09-17 00:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-10-01 17:40 - 2015-09-17 00:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2015-10-01 17:40 - 2015-09-17 00:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-10-01 17:40 - 2015-09-17 00:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-10-01 17:40 - 2015-09-17 00:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2015-10-01 17:40 - 2015-09-17 00:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-10-01 17:40 - 2015-09-17 00:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-10-01 17:40 - 2015-09-17 00:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2015-10-01 17:40 - 2015-09-17 00:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-10-01 17:40 - 2015-09-17 00:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-10-01 17:40 - 2015-09-17 00:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2015-10-01 17:40 - 2015-09-17 00:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2015-10-01 17:40 - 2015-09-17 00:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2015-10-01 17:40 - 2015-09-17 00:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2015-10-01 17:40 - 2015-09-17 00:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2015-10-01 17:40 - 2015-09-17 00:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2015-10-01 17:40 - 2015-09-17 00:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2015-10-01 17:40 - 2015-09-17 00:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2015-10-01 17:40 - 2015-09-17 00:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2015-10-01 17:40 - 2015-09-17 00:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2015-10-01 17:40 - 2015-09-17 00:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2015-10-01 17:40 - 2015-09-17 00:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-10-01 17:40 - 2015-09-17 00:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2015-10-01 17:40 - 2015-09-17 00:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2015-10-01 17:40 - 2015-09-12 21:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-10-01 17:40 - 2015-09-12 20:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-10-01 17:39 - 2015-09-19 00:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2015-10-01 17:39 - 2015-09-17 01:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-10-01 17:39 - 2015-09-17 01:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2015-10-01 17:39 - 2015-09-17 01:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-10-01 17:39 - 2015-09-17 01:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2015-10-01 17:39 - 2015-09-17 01:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-10-01 17:39 - 2015-09-17 01:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-10-01 17:39 - 2015-09-17 01:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2015-10-01 17:39 - 2015-09-17 01:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-10-01 17:39 - 2015-09-17 01:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
    2015-10-01 17:39 - 2015-09-17 01:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2015-10-01 17:39 - 2015-09-17 01:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2015-10-01 17:39 - 2015-09-17 01:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2015-10-01 17:39 - 2015-09-17 01:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-10-01 17:39 - 2015-09-17 01:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-10-01 17:39 - 2015-09-17 01:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-10-01 17:39 - 2015-09-17 01:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2015-10-01 17:39 - 2015-09-17 00:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2015-10-01 17:39 - 2015-09-17 00:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2015-10-01 17:39 - 2015-09-17 00:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2015-10-01 17:39 - 2015-09-17 00:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-10-01 17:39 - 2015-09-17 00:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-10-01 17:39 - 2015-09-17 00:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
    2015-10-01 17:39 - 2015-09-17 00:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2015-10-01 17:39 - 2015-09-17 00:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-10-01 17:39 - 2015-09-17 00:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2015-10-01 17:39 - 2015-09-17 00:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-10-01 17:39 - 2015-09-17 00:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
    2015-10-01 17:39 - 2015-09-17 00:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
    2015-10-01 17:39 - 2015-09-17 00:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
    2015-10-01 17:39 - 2015-09-17 00:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-10-01 17:39 - 2015-09-17 00:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
    2015-10-01 17:39 - 2015-09-17 00:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2015-10-01 17:39 - 2015-09-17 00:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2015-10-01 17:39 - 2015-09-17 00:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
    2015-10-01 17:39 - 2015-09-17 00:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-10-01 17:39 - 2015-09-17 00:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-10-01 17:39 - 2015-09-17 00:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
    2015-10-01 17:39 - 2015-09-17 00:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2015-09-30 12:32 - 2015-09-30 12:32 - 366087871 _____ C:\WINDOWS\MEMORY.DMP
    2015-09-30 12:32 - 2015-09-30 12:32 - 00277560 _____ C:\WINDOWS\Minidump\093015-22984-01.dmp
    2015-09-30 12:32 - 2015-09-30 12:32 - 00000000 ____D C:\WINDOWS\Minidump
    2015-09-27 09:19 - 2015-09-27 09:19 - 00010240 _____ C:\Users\Rena\Documents\coverlettercurrent.wps

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 04:25 - 2015-07-30 12:17 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{39A1A474-E8BF-4B8B-BCD5-EF89D272294F}
    2015-10-23 04:25 - 2015-07-18 08:00 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job
    2015-10-23 04:23 - 2014-01-22 15:46 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-23 04:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-10-22 20:56 - 2015-07-29 13:32 - 00006812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-10-22 20:54 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
    2015-10-22 18:47 - 2014-01-22 15:46 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-22 18:46 - 2013-12-30 18:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-10-22 18:37 - 2015-07-25 12:26 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job
    2015-10-22 17:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-10-22 11:37 - 2015-07-25 12:26 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job
    2015-10-22 05:46 - 2014-11-19 12:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-10-22 05:44 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-10-22 05:44 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-10-22 05:43 - 2014-12-02 06:04 - 00000000 ____D C:\AdwCleaner
    2015-10-22 04:04 - 2014-11-19 18:15 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-10-22 03:48 - 2014-11-19 18:15 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-10-21 12:03 - 2015-02-28 03:03 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Apple Computer
    2015-10-20 23:31 - 2015-07-29 13:27 - 00022200 _____ C:\WINDOWS\PFRO.log
    2015-10-20 21:36 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-10-20 20:38 - 2014-10-17 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-10-20 20:37 - 2015-08-22 06:23 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-10-20 20:37 - 2015-08-22 06:23 - 00000000 ____D C:\Users\Rena\.oracle_jre_usage
    2015-10-20 20:36 - 2015-08-22 06:22 - 00000000 ____D C:\Program Files (x86)\Java
    2015-10-20 09:50 - 2014-08-13 18:07 - 00000000 ____D C:\Users\Rena\AppData\Local\Packages
    2015-10-19 15:09 - 2015-07-10 06:00 - 00000922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
    2015-10-18 21:21 - 2015-07-29 13:34 - 00000000 ____D C:\Users\Rena
    2015-10-18 21:17 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-10-18 17:59 - 2010-03-24 13:28 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-18 17:56 - 2014-08-15 10:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-10-18 17:48 - 2014-08-15 10:06 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-10-17 15:52 - 2014-01-20 16:46 - 00003924 _____ C:\Users\Rena\AppData\Roaming\wklnhst.dat
    2015-10-17 15:51 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2015-10-17 13:00 - 2014-03-01 08:16 - 00003260 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRENA-PC$
    2015-10-17 13:00 - 2014-03-01 08:16 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRENA-PC$.job
    2015-10-16 20:59 - 2015-07-10 07:20 - 00023740 _____ C:\WINDOWS\setupact.log
    2015-10-16 13:39 - 2014-03-01 08:44 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Dropbox
    2015-10-16 13:08 - 2014-11-23 06:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-16 13:07 - 2014-12-31 10:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-10-16 12:58 - 2015-02-18 11:33 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-16 12:58 - 2014-11-19 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-16 12:58 - 2014-11-19 12:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-15 22:10 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-10-15 22:10 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-09 07:01 - 2015-02-28 03:03 - 00000000 ____D C:\Users\Rena\AppData\Local\Apple Computer
    2015-10-09 06:52 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-10-08 14:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-10-07 02:25 - 2015-07-18 08:00 - 00000868 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job
    2015-10-05 09:50 - 2014-11-19 12:16 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-10-05 09:50 - 2014-11-19 12:16 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-10-05 09:50 - 2014-11-19 12:16 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-10-04 07:37 - 2014-07-06 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2015-10-03 11:33 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-10-03 03:58 - 2015-02-28 03:02 - 00000000 ____D C:\Program Files\iTunes
    2015-10-03 03:57 - 2015-02-28 02:59 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-10-03 03:54 - 2015-02-28 03:00 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-10-02 14:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
    2015-10-02 08:51 - 2014-01-18 20:35 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
    2015-10-01 05:17 - 2015-07-29 14:11 - 00002368 _____ C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-10-01 05:17 - 2015-07-29 14:11 - 00000000 ___RD C:\Users\Rena\OneDrive
    2015-09-30 18:24 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-09-29 06:35 - 2015-07-10 07:20 - 00276824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-09-29 06:30 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-29 06:28 - 2014-12-21 04:47 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRena.job
    2015-09-27 07:15 - 2014-07-14 08:37 - 00009728 _____ C:\Users\Rena\Documents\cover letter.wps
    2015-09-25 08:21 - 2014-12-21 04:47 - 00003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRena
    2015-09-24 00:45 - 2014-01-22 15:46 - 00000000 ____D C:\Users\Rena\AppData\Local\Google

    ==================== Files in the root of some directories =======

    2014-07-06 15:19 - 2014-11-19 11:43 - 0000153 _____ () C:\Users\Rena\AppData\Roaming\WB.CFG
    2014-01-20 16:46 - 2015-10-17 15:52 - 0003924 _____ () C:\Users\Rena\AppData\Roaming\wklnhst.dat
    2014-08-02 13:48 - 2014-08-02 13:48 - 0003584 _____ () C:\Users\Rena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-12-30 01:47 - 2015-10-23 04:24 - 0000188 _____ () C:\ProgramData\HPWALog.txt
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-03-24 14:30 - 2010-03-24 14:30 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-03-24 03:28 - 2010-03-24 03:28 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-03-24 14:24 - 2010-03-24 14:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-03-24 03:28 - 2010-03-24 03:28 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-03-24 14:24 - 2010-03-24 14:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-03-24 14:25 - 2010-03-24 14:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Some files in TEMP:
    ====================
    C:\Users\Rena\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Rena\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Rena\AppData\Local\Temp\mpgjfx68.dll
    C:\Users\Rena\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rena\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-21 08:42

    ==================== End of FRST.txt ============================
     
  9. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
    Ran by Rena (2015-10-23 04:27:50)
    Running from C:\Users\Rena\Desktop
    Windows 10 Home (X64) (2015-07-29 19:04:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3992802703-709660175-4188682519-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3992802703-709660175-4188682519-503 - Limited - Disabled)
    Guest (S-1-5-21-3992802703-709660175-4188682519-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3992802703-709660175-4188682519-1002 - Limited - Enabled)
    Rena (S-1-5-21-3992802703-709660175-4188682519-1000 - Administrator - Enabled) => C:\Users\Rena

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)
    CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Dropbox (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Photos Backup (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\Google Photos Backup) (Version: 1.1.1.259 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
    HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
    Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PHD 2 version 2.2.1 (HKLM-x32\...\PHD 2_is1) (Version: 2.2.1 - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.18 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
    QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
    Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
    ShopAtHome.com Toolbar (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION
    SSAG 4.0 Drivers (HKLM-x32\...\Orion StarShoot Autoguider Drivers (including PH~77786628_is1) (Version: 4.0 - Orion)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Unity Web Player (HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
    VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
    Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
    Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File

    ==================== Restore Points =========================

    02-10-2015 06:56:56 Scheduled Checkpoint
    10-10-2015 09:28:58 Windows Backup
    18-10-2015 17:45:18 Windows Update
    22-10-2015 05:49:41 JRT Pre-Junkware Removal

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-08-15 09:03 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BC7528-DED5-4E4B-B1E4-3DF4C3941CD7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {042FE20A-0ABA-417B-8FEF-5A9FFC1544FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-09-22] (Microsoft)
    Task: {071D6AF5-93B4-4EB0-BEB9-C860F607E658} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {0A1BF346-88EA-4C5F-B65E-B6367CCCA35A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {0C9FD0F6-15B5-427D-80D3-CAB7BF0EECB5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {0F5D7BE0-97F1-43D2-B74C-7C8642266886} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {1527C4DA-53F5-4CDC-84F6-A39A52AD9BA5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {1649C22E-B10D-4396-8A4E-D33E63C525B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {1BA543D8-6F00-4EAF-B958-F1C49B786F11} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {1F581872-2E56-43DA-BD40-BB12672D2F45} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {2345BBA5-5879-4BC4-A82C-E08CD464EB30} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {23A50BD5-C462-4A78-8756-0B3CECE3FC4E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {243BB742-F17E-43B1-9600-F631633AB2B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {24C76337-5F8C-4550-A5D7-931E11B74B95} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {2D2E3815-E1E3-4D7A-ADDA-C55CEFD95E1B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {30C6DE8B-65EE-4076-872D-3CE2CB1002F8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {34B0F8D3-7DA2-41A2-97D5-D409A2EF28AA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {3AF93EB7-ABB0-4DBC-B09A-D986B8A87D54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {4312144E-4AD9-4D94-9171-CF81207474E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {45594BFA-4173-4A20-BBB1-D5B2B2F5B765} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-18] (Microsoft Corporation)
    Task: {5345CC65-108F-4B75-8C41-A01618F2B05F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {55F75CD8-D123-498D-A608-1C213E104320} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {56505324-9C80-48C3-8A98-59B330AB9CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {583C55BF-2C3E-4C48-9AD5-4540F2F36921} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {63B9018F-CA54-42B2-9FB6-65F6082653BA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {64184870-BE68-4CD6-8663-F59DA16513A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {678A6707-169C-435C-9352-3DFF8ECDD233} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
    Task: {6CB1C3EA-08B1-4FAE-8E82-2E47A3C34BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {72DD56C8-4708-4AD6-891E-85C5BA751D6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {76155563-B5FC-4685-9656-F82C765E6938} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {786A82A5-4E54-4522-AFEC-9ABA973841AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7F8034CB-F870-48FF-9A27-8E5B6D3DAB38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {83C42C14-F063-40DF-8C22-67D1DB2B7F53} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
    Task: {8D3116C6-278A-42D9-B16B-C3F78BE9FD7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {8EF0C711-AF4C-4BA1-975F-A7D8C9A7BC88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
    Task: {945F516B-225D-4905-B9C4-CB2D488B0392} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {969F4A1F-17BC-413A-8616-A751C4B5290C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
    Task: {9802F36E-8FB7-40F0-8583-6BD4743AEC16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {9A93946D-3252-4518-A3F1-F0D0B139357E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9C5C00B8-BE9E-473F-967E-FB343DF60343} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {A0718309-68B3-4A3C-BD7E-FF74CD5B90ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {B23BC103-DFD3-497F-8E08-04D3303185A0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {B9EE0286-9D29-4C66-9C51-18ED443FD6AE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {BC50F3D8-4945-45CD-9790-879C2B552B63} - System32\Tasks\HPCeeScheduleForRENA-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {CF6D9A3E-859E-4FE0-B824-70640C36EC81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {D00F706C-36B4-4F5C-9270-53BB158F8AFD} - System32\Tasks\HPCeeScheduleForRena => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {D231481E-B3B5-4673-B462-0850B0FA30F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {D33F9457-3766-4FA0-B5DF-7EDECCACF31F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D92B21F8-68BB-45AD-9C2E-3962DC5A636D} - System32\Tasks\{F09E2938-BA9F-4E6C-8593-EC872CA29342} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
    Task: {DA0FB318-5E67-4F81-B698-14EC1D1D7AFD} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
    Task: {DCE565A5-4AA9-4CEB-99DC-75B4CCB1A122} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {F3F90119-C64F-4F63-A221-A0D639632A9D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {F960C79F-936D-4B50-8828-F5FD6AE3B20F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job => C:\Users\Rena\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000Core.job => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3992802703-709660175-4188682519-1000UA.job => C:\Users\Rena\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForRENA-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForRena.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-07-29 15:17 - 2015-07-29 15:17 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-19 06:53 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-02-13 06:20 - 2015-02-13 06:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-23 17:47 - 2015-09-23 17:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
    2015-10-01 17:39 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-10-01 17:39 - 2015-09-17 00:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
    2015-10-01 17:40 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-01 17:40 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-10-01 17:40 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
     
  10. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    2015-10-01 17:39 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 17:40 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    2015-10-08 07:11 - 2015-10-08 07:12 - 00048128 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
    2015-10-22 15:52 - 2015-10-22 15:52 - 01157632 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\BackgroundTasks.Windows.dll
    2010-02-22 13:19 - 2010-02-22 13:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-02-22 13:19 - 2010-02-22 13:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-02-22 13:19 - 2010-02-22 13:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2009-09-29 17:25 - 2009-09-29 17:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Rena\Downloads\resume Rena (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\Rena\Downloads\resume Rena.eml:OECustomProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\StartupApproved\Run: => "Dropbox Update"
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\StartupApproved\Run: => "KiesPreload"
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [UDP Query User{F214B16C-3EED-45CB-8318-DC1F603BDB37}C:\program files (x86)\phdguiding2\phd2.exe] => (Allow) C:\program files (x86)\phdguiding2\phd2.exe
    FirewallRules: [TCP Query User{D34CC04C-8448-4FA8-8F32-C48CE0FD5013}C:\program files (x86)\phdguiding2\phd2.exe] => (Allow) C:\program files (x86)\phdguiding2\phd2.exe
    FirewallRules: [UDP Query User{F882FE46-4394-4A4F-AA4C-3547E6EE170C}C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{F4BBC4B3-BC32-4C11-91BA-EBD29891762A}C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rena\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{63C995B2-35BF-4FF5-8628-4DA88BA060D7}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
    FirewallRules: [{3F13CB83-6A67-45F7-99D3-3710CC4A4A49}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
    FirewallRules: [{E7A2D84A-B588-446C-A83B-D079F87B0D8B}] => (Allow) C:\Users\Rena\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{AA75F44F-8F6E-47F3-9449-FEA3B3FDECD7}] => (Allow) C:\Users\Rena\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{A2937BC7-163A-4D13-97A7-81E707FAB960}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
    FirewallRules: [{89C9B58B-112C-4192-9CAF-4910910E50E5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
    FirewallRules: [{126E4740-E2D9-428A-8324-FA72FC064952}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{7B0924B8-6B1C-43BE-B022-64A27E3CAB09}] => (Allow) svchost.exe
    FirewallRules: [{5F48C91A-91E7-43F9-9336-8A1BB855B603}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{A1DFE63E-EB30-4B30-B265-F87A8F85B274}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{6A731958-6E29-47C6-9265-2324881477CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1B79A7C8-0F83-42BC-949C-0FD600A0EE22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B88AD3EA-54B3-4B29-A357-2799E03EB869}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{280D9745-3E16-4C2E-B121-4CE951C7CB2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6FB1377D-0626-47A2-A196-221DA425724F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{31E7E955-47C6-429B-A621-CF89F2146884}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/23/2015 04:28:38 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (5400) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (10/23/2015 04:28:38 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (5400) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 04:28:28 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (5400) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (10/23/2015 04:28:28 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (5400) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 04:28:17 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (5400) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (10/23/2015 04:28:17 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (5400) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 04:28:07 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (5400) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (10/23/2015 04:28:07 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (5400) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 04:27:57 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (5400) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (10/23/2015 04:27:57 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (5400) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (10/22/2015 08:57:32 PM) (Source: DCOM) (EventID: 10010) (User: RENA-PC)
    Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

    Error: (10/22/2015 08:57:27 PM) (Source: DCOM) (EventID: 10010) (User: RENA-PC)
    Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

    Error: (10/22/2015 08:57:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/22/2015 08:57:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/22/2015 08:57:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/22/2015 08:57:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/22/2015 07:17:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (10/22/2015 05:37:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (10/22/2015 01:19:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/22/2015 01:19:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-10-23 04:28:28.535
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-23 04:28:28.477
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:46.406
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:46.381
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:46.354
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:41.454
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:41.428
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:36.076
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:36.050
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-22 17:30:36.005
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    Percentage of memory in use: 46%
    Total physical RAM: 3002.92 MB
    Available physical RAM: 1609.32 MB
    Total Virtual: 6074.92 MB
    Available Virtual: 4565.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:283.76 GB) (Free:221.23 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.03 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 79120785)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=283.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  12. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
    Ran by Rena (2015-10-23 18:34:15) Run:1
    Running from C:\Users\Rena\Desktop
    Loaded Profiles: Rena (Available Profiles: Rena & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
    SearchScopes: HKU\S-1-5-21-3992802703-709660175-4188682519-1000 -> {1901F8C0-9737-4C34-A329-752B9D54F2BA} URL =
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath
    2014-07-06 15:19 - 2014-11-19 11:43 - 0000153 _____ () C:\Users\Rena\AppData\Roaming\WB.CFG
    2014-01-20 16:46 - 2015-10-17 15:52 - 0003924 _____ () C:\Users\Rena\AppData\Roaming\wklnhst.dat
    2014-08-02 13:48 - 2014-08-02 13:48 - 0003584 _____ () C:\Users\Rena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-12-30 01:47 - 2015-10-23 04:24 - 0000188 _____ () C:\ProgramData\HPWALog.txt
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-03-24 14:30 - 2010-03-24 14:30 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-03-24 03:28 - 2010-03-24 03:28 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-03-24 14:24 - 2010-03-24 14:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-03-24 03:28 - 2010-03-24 03:28 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-03-24 14:24 - 2010-03-24 14:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-03-24 14:25 - 2010-03-24 14:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-03-24 03:29 - 2010-03-24 03:29 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    C:\Users\Rena\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Rena\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Rena\AppData\Local\Temp\mpgjfx68.dll
    C:\Users\Rena\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rena\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Rena\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    Task: {0C9FD0F6-15B5-427D-80D3-CAB7BF0EECB5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1BA543D8-6F00-4EAF-B958-F1C49B786F11} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {23A50BD5-C462-4A78-8756-0B3CECE3FC4E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {243BB742-F17E-43B1-9600-F631633AB2B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {583C55BF-2C3E-4C48-9AD5-4540F2F36921} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {64184870-BE68-4CD6-8663-F59DA16513A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {72DD56C8-4708-4AD6-891E-85C5BA751D6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {786A82A5-4E54-4522-AFEC-9ABA973841AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {9A93946D-3252-4518-A3F1-F0D0B139357E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9C5C00B8-BE9E-473F-967E-FB343DF60343} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D33F9457-3766-4FA0-B5DF-7EDECCACF31F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D92B21F8-68BB-45AD-9C2E-3962DC5A636D} - System32\Tasks\{F09E2938-BA9F-4E6C-8593-EC872CA29342} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
    C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe
    AlternateDataStreams: C:\Users\Rena\Downloads\resume Rena (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\Rena\Downloads\resume Rena.eml:OECustomProperty


    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
    "HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
    "HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
    "HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
    "HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKU\S-1-5-21-3992802703-709660175-4188682519-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1901F8C0-9737-4C34-A329-752B9D54F2BA}" => key removed successfully
    HKCR\CLSID\{1901F8C0-9737-4C34-A329-752B9D54F2BA} => key not found.
    idsvc => service removed successfully
    wfpcapture => service removed successfully
    wpcsvc => service removed successfully
    C:\Users\Rena\AppData\Roaming\WB.CFG => moved successfully
    C:\Users\Rena\AppData\Roaming\wklnhst.dat => moved successfully
    C:\Users\Rena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\ProgramData\HPWALog.txt => moved successfully
    C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully
    C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
    C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully
    C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
    C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully
    C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log => moved successfully
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
    C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
    C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log => moved successfully
    C:\Users\Rena\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Rena\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
    C:\Users\Rena\AppData\Local\Temp\mpgjfx68.dll => moved successfully
    C:\Users\Rena\AppData\Local\Temp\Quarantine.exe => moved successfully
    C:\Users\Rena\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKU\S-1-5-21-3992802703-709660175-4188682519-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C9FD0F6-15B5-427D-80D3-CAB7BF0EECB5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C9FD0F6-15B5-427D-80D3-CAB7BF0EECB5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BA543D8-6F00-4EAF-B958-F1C49B786F11}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BA543D8-6F00-4EAF-B958-F1C49B786F11}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23A50BD5-C462-4A78-8756-0B3CECE3FC4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A50BD5-C462-4A78-8756-0B3CECE3FC4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{243BB742-F17E-43B1-9600-F631633AB2B5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{243BB742-F17E-43B1-9600-F631633AB2B5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{583C55BF-2C3E-4C48-9AD5-4540F2F36921}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{583C55BF-2C3E-4C48-9AD5-4540F2F36921}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64184870-BE68-4CD6-8663-F59DA16513A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64184870-BE68-4CD6-8663-F59DA16513A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72DD56C8-4708-4AD6-891E-85C5BA751D6A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72DD56C8-4708-4AD6-891E-85C5BA751D6A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{786A82A5-4E54-4522-AFEC-9ABA973841AF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{786A82A5-4E54-4522-AFEC-9ABA973841AF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A93946D-3252-4518-A3F1-F0D0B139357E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A93946D-3252-4518-A3F1-F0D0B139357E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C5C00B8-BE9E-473F-967E-FB343DF60343}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C5C00B8-BE9E-473F-967E-FB343DF60343}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D33F9457-3766-4FA0-B5DF-7EDECCACF31F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D33F9457-3766-4FA0-B5DF-7EDECCACF31F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D92B21F8-68BB-45AD-9C2E-3962DC5A636D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D92B21F8-68BB-45AD-9C2E-3962DC5A636D}" => key removed successfully
    C:\WINDOWS\System32\Tasks\{F09E2938-BA9F-4E6C-8593-EC872CA29342} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F09E2938-BA9F-4E6C-8593-EC872CA29342}" => key removed successfully
    "C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" => not found.
    C:\Users\Rena\Downloads\resume Rena (1).eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\Rena\Downloads\resume Rena.eml => ":OECustomProperty" ADS removed successfully.

    ==== End of Fixlog 18:34:20 ====
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  14. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    No threats found with Sophos Virus Removal Tool........

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.9016)
    Java 8 Update 65
    Java version 32-bit out of Date!
    Adobe Flash Player 19.0.0.226
    Adobe Reader XI
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 26-07-2015
    Ran by Rena (administrator) on 24-10-2015 at 09:23:10
    Running from "C:\Users\Rena\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    No threats found with Sophos Virus Removal Tool........
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    ===========================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  16. NorGitram

    NorGitram TS Enthusiast Topic Starter Posts: 112

    The computer is running much better. Thank you for all your help.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...