TechSpot

Please Help (FRST file)

By rbruculere
May 1, 2016
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
    Ran by roberta (administrator) on BERT2 (01-05-2016 12:02:07)
    Running from C:\Users\roberta\Desktop
    Loaded Profiles: roberta (Available Profiles: roberta & Administrator)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
    () C:\Windows\SysWOW64\PSIService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898832 2012-10-01] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-09-06] (Glarysoft Ltd)
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\RunOnce: [Uninstall C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\Users\roberta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-13] ()
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-217919241-653189731-3087365520-1001] => :0
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{68140839-f5c5-47f8-a4de-51b7b83a6646}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{98ee28be-2e50-4a5e-a30c-4ae15ce48e8c}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://pogo.com/
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
    SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {BC14135C-D68E-42EF-B268-8219E40D5C00} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {DB986CAF-1ABD-437B-A09F-C2B7C4E9D4D5} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117
    FF DefaultSearchEngine: Bing
    FF DefaultSearchEngine.US: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://www.my.yahoo.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2013-11-06]
    FF Extension: Saved Password Editor - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\savedpasswordeditor@daniel.dawson.xpi [2016-01-28]
    FF Extension: Print Edit - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\printedit@DW-dev.xpi [2016-04-01]
    FF Extension: Print/Print Preview - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2016-04-30]
    FF Extension: NoScript Suite Lite - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\jid1-k8qH8wJfc2KaUi@jetpack.xpi [2016-02-10]
    FF Extension: Toolbar Buttons - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-30]
    FF Extension: FireShot - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-04-30]
    FF Extension: Adblock Plus - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-29] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-04-02] (Comodo)
    R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [266112 2016-04-14] (Code 42 Software)
    R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
    R2 HPSLPSVC; C:\Users\roberta\AppData\Local\Temp\7zS031F\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
    S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-04-27] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-13] (Intel Corporation)
    S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064552 2015-10-07] ()
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    S3 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-12-01] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-12-01] (Malwarebytes)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
    S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
    S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
    S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
    R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-03-28] (Malwarebytes)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-12-01] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-07] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-12-01] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
    R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
    S3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.) [File not signed]
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
    S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
    S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  2. rbruculere

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
    Ran by roberta (2016-05-01 12:03:09)
    Running from C:\Users\roberta\Desktop
    Windows 10 Home Version 1511 (X64) (2015-12-13 19:52:14)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-217919241-653189731-3087365520-500 - Administrator - Enabled) => C:\Users\Administrator
    DefaultAccount (S-1-5-21-217919241-653189731-3087365520-503 - Limited - Disabled)
    Guest (S-1-5-21-217919241-653189731-3087365520-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-217919241-653189731-3087365520-1010 - Limited - Enabled)
    roberta (S-1-5-21-217919241-653189731-3087365520-1001 - Administrator - Enabled) => C:\Users\roberta
    scott bruculere (S-1-5-21-217919241-653189731-3087365520-1008 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.7 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.67.0.327 - Innovative Solutions)
    Application Verifier x64 External Package (Version: 8.100.25984 - Microsoft) Hidden
    Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
    Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
    bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
    Chromodo (HKLM-x32\...\Chromodo) (Version: 36.7.0.8 - Comodo)
    Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
    Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
    CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CrashPlan (HKLM\...\{753E3F29-F1BC-4FE6-A964-622DAE9976CF}) (Version: 4.6.0.403 - Code 42 Software)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
    Dell System Detect (HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
    Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.2.5 - ELAN Microelectronic Corp.)
    Design & Print (HKLM-x32\...\Design & Print 1.0.1) (Version: 1.0.1 - Avery Products Corp.)
    DesignPro 5 (HKLM-x32\...\InstallShield_{C8F04EF6-C4DB-4D86-8D86-32E7DBDA8595}) (Version: 5.5.708 - Avery Dennison)
    DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
    Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
    dupeGuru Music Edition (HKLM\...\{C51BC104-8666-4F9C-8072-715AE1A69A75}) (Version: 6.8.1 - Hardcoded Software)
    dupeGuru Picture Edition (HKLM\...\{C9A60D50-28B0-4BCB-B720-1ECACA351F09}) (Version: 2.10.1 - Hardcoded Software)
    Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.4 - Ashisoft)
    Easy Computer Sync (HKLM-x32\...\Easy Computer Sync) (Version: 1.5 - Bravura Software LLC)
    EnhanceMy8 (HKLM\...\EnhanceMy8_is1) (Version: - SeriousBit)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Fast Duplicate File Finder 4.7.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 4.7.0.1 - MindGems, Inc.)
    FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    Glary Utilities 5.32 (HKLM-x32\...\Glary Utilities 5) (Version: 5.32.0.52 - Glarysoft Ltd)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: - )
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.90.0000 - Intel(R) Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    jv16 PowerTools X (HKLM-x32\...\jv16 PowerTools X) (Version: - Macecraft Software)
    Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.1 Provider Services (x86) ENU (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
    MSI Development Tools (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
    Peachtree Complete Accounting 2005 (HKLM-x32\...\InstallShield_{D7614A76-A821-4FB1-8C80-37D0F7DE5040}) (Version: 12.00.01 - Best Software SB, Inc)
    Peachtree Complete Accounting 2005 (x32 Version: 12.00.01 - Best Software SB, Inc) Hidden
    PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1036.0 - Passmark Software)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Quick Startup 5.10.1.103 (HKLM-x32\...\Quick Startup) (Version: 5.10.1.103 - Glarysoft Ltd)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
    Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.6468 - I.R.I.S.)
    Real-Draw PRO 4.0 (HKLM-x32\...\Real-Draw PRO_is1) (Version: - Mediachance)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
    SDK Debuggers (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
    Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden
    SpaceMonger 2.1.1 (HKLM-x32\...\SpaceMonger) (Version: 2.1.1 - Sixty-Five)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    SUPER © v2013.build.59+Recorder (2013/12/18) version v2013.buil (HKLM-x32\...\{8E2A18E2-96AF-4DF9-8459-5C06B75139A4}_is1) (Version: v2013.build.59+Recorder - eRightSoft)
    System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.2 - Tweaking.com)
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
    ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
    VSDC Free Video Editor version 3.3.5.411 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.3.5.411 - Flash-Integro LLC)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)
    Winmail Reader 1.2.15 (HKLM-x32\...\Winmail Reader_is1) (Version: - Kopf)
    WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
    WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-217919241-653189731-3087365520-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-217919241-653189731-3087365520-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03D296EC-E82E-4D25-B2C2-A611B4E86334} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {06C0ECE9-BE29-4417-B073-84255F24326B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {08CCB8E7-52A2-4652-AF76-7FBD1FFBC1C3} - System32\Tasks\{DB9BEFA3-3616-4D2C-B56F-AD1484E263EE} => pcalua.exe -a D:\Bin\demo32.exe -d D:\Bin
    Task: {1310FFB1-C6F7-4186-8018-9B16EB4D0F3A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1A7AC3DC-5ED5-4959-910D-EE29755B683A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {1B3BC5C5-9D75-44B1-91B6-5AC102C596E6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-04-04] (Microsoft Corporation)
    Task: {23BAE091-EC01-4B71-BB84-92AD122E9B40} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {23D4474D-1653-4422-B826-8AF34679B6E0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
    Task: {26B27C75-E95C-45E4-9D25-F022EA2463DB} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-09-06] (Glarysoft Ltd)
    Task: {2F08FECA-7BF2-4A77-8A62-8A3E11241D33} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {36C8DC15-AE12-4AAE-9F9C-C2A17856E412} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {50E4C3A2-13A9-4741-AB37-41E3ECEB1882} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-04-04] (Microsoft Corporation)
    Task: {585E5582-F109-4E58-B9B4-60523A242900} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2015-04-02] (COMODO CA Limited)
    Task: {5D1EB274-1973-490C-BF4E-03B935313049} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
    Task: {6A85753B-7DCC-418C-AFAF-1F549314957B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {7870CA20-CC11-47ED-97AD-2DBEE134D936} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {7E82575A-0176-4182-8743-B0938AE62C44} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {812A12B0-5040-46D0-B8B0-DCF415560EFB} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {81FE64FF-A3BF-4F1A-BAB4-50B599E102F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
    Task: {8A2AD3BF-4F07-4E11-AB3E-BA568CBE464F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: {91151FAF-9E99-4AC7-8267-F8FF6AEBEBAA} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-09-06] (Glarysoft Ltd)
    Task: {9624B71E-990B-4358-8D75-2521F4260743} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9AB38E51-49A8-45C1-BF79-41988346E24C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {A04C46B0-A88E-4CA4-B502-34F22C7BD325} - \PCDEventLauncher -> No File <==== ATTENTION
    Task: {A66DB38B-229F-4FC9-A4AC-672E0B5D217B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-04-04] (Microsoft Corporation)
    Task: {AA5C4C28-7B48-4CB7-B1F7-7DC851F4FBE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B410E3BC-31F7-426C-91AB-938F2E5A1585} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2015-10-07] (Innovative Solutions)
    Task: {BD31765A-3C98-4002-ABAA-8A772B940741} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {BDE2BC80-10E1-4CCB-A7CF-D7C576D44F47} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-04-04] (Microsoft Corporation)
    Task: {CA68E378-4DEF-40EF-81BB-0D206B4BC705} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CFF86C44-DF04-4B79-845A-BFC975F0F455} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-04-04] (Microsoft)
    Task: {D8D38B53-2F89-4283-BE51-5197D4ABA789} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {E79821B3-B533-4FC4-BEFA-FF899438A844} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    Task: {EAF31FD0-5B6B-4B48-95B8-51D85D2FEEC8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {EB66E65C-D000-42E6-BD3B-7E16B4438CD3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {EC311D37-CE0E-4157-91DD-3610A021A45E} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {F7781B73-A584-4137-80B1-9BD6068A2DFE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {F8FFC6D2-48BF-4FE9-9001-626AD9A45E67} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMNMKMMMKMIMMJMJHMCNNMNJKMOMCNLMKJMJLJCNHMIMKMGMCNNMOJLJOJGMNJMMHMGMKMJJHMJNJICMIMCNGMCNIMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMFMLMJNHICMEKMICNJJCKJNBJCMNIAJNJKJNILIOJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFMPMJNFICM (the data entry has 27 more characters).
    Task: {FEBC165C-A532-48C1-912A-4AEA9DE9D7A6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-04-14 13:43 - 2016-04-14 13:43 - 00014848 _____ () C:\Program Files (x86)\CrashPlan\md564.dll
    2016-04-14 13:43 - 2016-04-14 13:43 - 00238592 _____ () \\?\C:\Program Files (x86)\CrashPlan\cpnative64.dll
    2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
    2016-04-13 04:17 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 04:17 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-12-18 09:47 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-04-13 04:16 - 2016-04-01 20:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-04-13 04:17 - 2016-04-01 20:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-04-13 04:16 - 2016-04-01 19:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-04-13 04:17 - 2016-04-01 19:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-04-13 04:17 - 2016-04-01 20:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-04-30 03:39 - 2016-04-30 03:39 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2014-01-13 06:58 - 2015-10-07 11:53 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
    2014-12-25 07:46 - 2013-09-12 09:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-08-16 23:34 - 2015-08-16 23:34 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\certsentry.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\coin94.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET380D.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET3C2D.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET3D2C.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\IntcDAud.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\point64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\CrowdInspect.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\CrowdInspect.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\Me from camera 10 2015.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\Roberta.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\1.MFL37933576_E.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\1.MFL37933576_E.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\adksetup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\adksetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\ConnectUtility.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\ConnectUtility.exe:$CmdZnID [29]
    AlternateDataStreams: C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\CrowdInspect.zip:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\CrowdInspect.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DBFPlus.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DBFPlus.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Decrap_Setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\delinf_10230.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\delinf_10230.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DellCertFix.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DellCertFix.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DropboxInstaller(1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DropboxInstaller(1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\FSViewerSetup53.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\FSViewerSetup53.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\gu5setup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\gu5setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPPSdr.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPPSdr.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\install_flash_player_ics.apk:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\install_flash_player_ics.apk:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\JavaSetup8u60.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\JavaSetup8u60.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jv16pt_setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jxpiinstall(1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jxpiinstall(1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\msert.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\msert.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\nettool_12110.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\nettool_12110.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\qssetup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\qssetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SmartView2.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SmartView2.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\win64_153338.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\win64_153338.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\WO-JEK-901172.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\WO-JEK-901172.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE:$CmdZnID [26]
     
  3. rbruculere


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2016-03-28 15:50 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\roberta\AppData\Roaming\FSL\IconRestorer\Wallpapers\IconRestorer.bmp
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: Dell-Backup-Svc => 2
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: McAWFwk => 3
    MSCONFIG\Services: mcmscsvc => 2
    MSCONFIG\Services: McNASvc => 2
    MSCONFIG\Services: RoxMediaDB9 => 3
    MSCONFIG\Services: RoxWatch9 => 2
    MSCONFIG\Services: stllssvr => 3
    HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Cox Cloud Drive.lnk"
    HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
    HKLM\...\StartupApproved\Run: => "IntelTBRunOnce"
    HKLM\...\StartupApproved\Run: => "QuickSet"
    HKLM\...\StartupApproved\Run: => "SmartAudio"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Dell Backup Dashboard"
    HKLM\...\StartupApproved\Run: => "Corel Photo Downloader"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "Corel Photo Downloader"
    HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
    HKLM\...\StartupApproved\Run32: => "RoxWatchTray"
    HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
    HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\StartupFolder: => "DealFinder.lnk"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => ""
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "KiesAirMessage"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "KiesPreload"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "DellSystemDetect"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "GUDelayStartup"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{5060C364-B4AB-442C-A4F3-1CB9407945DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{655ABC0B-66D4-4702-97B9-A2C17654522B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{FB14986F-0D11-4590-90B2-B2FDDA8C16C8}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{00A8B8D6-62CD-4C46-A3FA-6081FD47A6FA}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{2BCE0E06-129D-4D80-8DD3-94BFB61131E1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{BA3AFECE-BBC6-4359-8410-C4EAD0B72838}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{10E4B00D-D4A0-41D4-BB84-F365C21C9B0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{32429FA7-7190-4629-B115-D1518E7662B7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{4FC95EE1-ACE1-43DF-8610-C948355611F0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{32CD9D16-153E-45F3-BFD9-128A8EFE4A14}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{3A0C4AF4-E997-4B55-845C-C8EEC77FEBC2}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS28A7\HPDiagnosticCoreUI.exe
    FirewallRules: [{9CC237A8-DA51-4A92-A6AC-94A4BCD3AB1E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS28A7\HPDiagnosticCoreUI.exe
    FirewallRules: [{BBA9563E-E14D-4352-AB62-FC5335217D8A}] => (Allow) C:\Program Files (x86)\Dell\Tech Concierge\node.exe
    FirewallRules: [{8C788B5F-B336-4FC2-AB0F-8BD379D33A5B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{6578936D-4BE6-4BC3-AB17-3523041D40C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{910D1D57-FF08-4A09-8E0F-714D647A9829}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{CF6DEE7B-B4C7-4023-9321-4BEA222C041B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{CB634967-D089-4075-BCAB-FC89A6978161}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{AA659F15-AA74-4200-BCA0-C2D34B2D97E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{D0AC69F8-3AED-41B4-A6D0-B75D5CB053FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{F38C770E-730B-496E-972B-857FE5977098}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{159FC5D6-0CF6-4213-9041-5F0C91285780}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{29855EAB-BBFD-488D-89A4-995BCE986933}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{A269AF83-A9A4-4399-A76F-8B1B75F1EE04}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{52A2CD79-DD1C-470D-A528-468680D24311}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{1BC93AD1-FC30-4284-8954-0283B018F546}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{B1AB3D89-8AB9-4812-94F1-3D5BC8D17E3A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{13536D1F-0EC0-4221-AD49-B0DD059330CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{87F76901-29C9-4F32-AE76-A672F7B550CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{0F577FC6-0FED-4205-B03A-4DF1799002B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{2A42928B-71DF-4697-BA6A-47213CD27BD7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{482368FB-23C3-4329-90FE-96C2B706FAD2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{274A6467-9F65-43D1-8E35-05877B3AAED0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{32899002-1B21-448D-8918-51F8D49EE35F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{371FFBD7-78E1-4F75-91E2-AE32092A7B8E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4E9B\hppiw.exe
    FirewallRules: [{BAAB4855-0143-4AB4-A3E8-2CB91593B20C}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4E9B\hppiw.exe
    FirewallRules: [{7810A3B0-B6B7-43F6-AD2E-95512B4C27D0}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS5A53\HPDiagnosticCoreUI.exe
    FirewallRules: [{AE90421A-E2B3-4E24-BB5E-7BD6DB8995BB}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS5A53\HPDiagnosticCoreUI.exe
    FirewallRules: [TCP Query User{DDB3745B-AD88-4E7C-9201-963C960AE3F2}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
    FirewallRules: [UDP Query User{D8C682A1-C57F-446E-BF05-3384154AD9D3}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
    FirewallRules: [{E8A67D17-B621-474B-9240-F62FC1229914}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{D524ABC7-E8EB-4CDF-8528-DE094B6296A7}] => (Allow) LPort=2869
    FirewallRules: [{6A157C54-A2C1-43AE-AD7B-A7421D760274}] => (Allow) LPort=1900
    FirewallRules: [{BDA1C5C3-CCAC-486F-B761-8C36772AD5A6}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{BA38E0C9-2DA5-478C-BF8B-60CB858207A0}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{0210FE2D-24DA-4576-BB57-24E4041EB1C6}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{0AA0CD6D-595E-4F0C-BC71-91C1DB7E9509}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{818DB441-B6DB-4247-B8BD-C3E580C69288}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{C30345FE-E676-4DB4-A45D-2D74D1A40D6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2A4D9707-8FEF-48B3-ADE5-6D6E24838E41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{844737F4-A0DD-49E0-82A6-DE0D7069C5C6}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS74F5\HPDiagnosticCoreUI.exe
    FirewallRules: [{3462BB93-8B29-4C8A-89AB-A3962B6C6EEE}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS74F5\HPDiagnosticCoreUI.exe
    FirewallRules: [{D2110793-7E38-4255-B26A-C43DE98BA75F}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS7EE8\HPDiagnosticCoreUI.exe
    FirewallRules: [{E31DABF5-0866-4813-9893-58A896714871}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS7EE8\HPDiagnosticCoreUI.exe
    FirewallRules: [TCP Query User{6CDA0B39-AEDD-4914-ABED-BE1BE93A4A0A}C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe] => (Allow) C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe
    FirewallRules: [UDP Query User{CD79BFC1-0D73-479B-93ED-45554B4A7756}C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe] => (Allow) C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe
    FirewallRules: [{F8C39A79-FDC4-4D60-96F5-9B546144B91E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS0FA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{61FBE461-FFA6-4BCA-A43D-BBD578E72BC3}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS0FA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{B4F4E405-A9A2-430A-BBC4-62EB4CC8C29E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS031F\hppiw.exe
    FirewallRules: [{4EB28CDC-8F45-4E97-9CB4-E0BA281C0F7D}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS031F\hppiw.exe
    FirewallRules: [{062AFB40-31BB-422F-BC3A-4FB46FD1A6A1}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4BA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{016BFBD2-BFF7-4F52-870B-B42C7B1BECAB}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4BA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{8A9CF2D5-3023-4EC4-873F-6220124401D9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{C6205CD0-492D-476C-BA35-8DF93BC0EFA9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{AA79BEB8-C7DF-4B23-885B-9A1650B5F38C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{40B91CAC-7E3F-4499-9600-6A4E00BF1380}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{F9C11085-7A36-422E-AC72-A4F6E0EC3A6D}] => (Allow) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe

    ==================== Restore Points =========================

    10-04-2016 05:06:48 Windows Update
    13-04-2016 05:44:05 Windows Update
    13-04-2016 05:45:04 Windows Update
    17-04-2016 17:16:15 Windows Update
    26-04-2016 13:52:22 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Officejet Pro 8600
    Description: Officejet Pro 8600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Officejet Pro 8600
    Description: Officejet Pro 8600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/01/2016 11:55:18 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: BERT2)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (04/29/2016 11:49:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
    Exception code: 0xc0000602
    Fault offset: 0x000000000022885f
    Faulting process id: 0x3b8
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3
    Faulting package full name: svchost.exe4
    Faulting package-relative application ID: svchost.exe5

    Error: (04/29/2016 11:49:07 AM) (Source: ESENT) (EventID: 908) (User: )
    Description: svchost (952) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1054(tm.cxx:1630): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

    Error: (04/27/2016 02:26:35 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (04/20/2016 09:04:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdate.exe, version: 5.27.4.0, time stamp: 0x5599d674
    Faulting module name: mfc90u.dll, version: 9.0.30729.6161, time stamp: 0x4dad06e1
    Exception code: 0xc0000005
    Fault offset: 0x00053544
    Faulting process id: 0xbd8
    Faulting application start time: 0xSoftwareUpdate.exe0
    Faulting application path: SoftwareUpdate.exe1
    Faulting module path: SoftwareUpdate.exe2
    Report Id: SoftwareUpdate.exe3
    Faulting package full name: SoftwareUpdate.exe4
    Faulting package-relative application ID: SoftwareUpdate.exe5

    Error: (04/20/2016 09:04:41 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdate.exe, version: 5.27.4.0, time stamp: 0x5599d674
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc00001a5
    Fault offset: 0x70747468
    Faulting process id: 0xbd8
    Faulting application start time: 0xSoftwareUpdate.exe0
    Faulting application path: SoftwareUpdate.exe1
    Faulting module path: SoftwareUpdate.exe2
    Report Id: SoftwareUpdate.exe3
    Faulting package full name: SoftwareUpdate.exe4
    Faulting package-relative application ID: SoftwareUpdate.exe5

    Error: (04/20/2016 09:04:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdate.exe, version: 5.27.4.0, time stamp: 0x5599d674
    Faulting module name: mfc90u.dll, version: 9.0.30729.6161, time stamp: 0x4dad06e1
    Exception code: 0xc0000409
    Fault offset: 0x00053544
    Faulting process id: 0xbd8
    Faulting application start time: 0xSoftwareUpdate.exe0
    Faulting application path: SoftwareUpdate.exe1
    Faulting module path: SoftwareUpdate.exe2
    Report Id: SoftwareUpdate.exe3
    Faulting package full name: SoftwareUpdate.exe4
    Faulting package-relative application ID: SoftwareUpdate.exe5

    Error: (04/20/2016 06:20:57 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (04/19/2016 08:22:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Integrator.exe version 5.32.0.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1384

    Start Time: 01d19a4f0b35dd3c

    Termination Time: 20

    Application Path: C:\Program Files (x86)\Glary Utilities 5\Integrator.exe

    Report Id: 80464447-0642-11e6-bfff-e0db55d256a6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/13/2016 05:49:34 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8


    System errors:
    =============
    Error: (05/01/2016 10:24:08 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:39:24 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:37:49 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:35:36 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:34:33 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:33:40 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:33:10 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:32:19 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:31:49 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/01/2016 07:30:30 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}


    CodeIntegrity:
    ===================================
    Date: 2016-04-29 12:52:38.421
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-15 04:26:28.146
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-14 14:16:21.589
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-13 22:05:09.739
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-07 15:17:51.649
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:27.310
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:27.300
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:25.993
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:25.983
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:06.367
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
    Percentage of memory in use: 36%
    Total physical RAM: 8061.27 MB
    Available physical RAM: 5141.93 MB
    Total Virtual: 9341.27 MB
    Available Virtual: 6240.34 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.67 GB) (Free:649.68 GB) NTFS
    Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:732 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1F9D71C0)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 8534C8F5)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Please don't create multiple topics.

    What are your computer issues?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Thanks for your response.
    Please don't create multiple topics. I won't now that I know what the procedures are.

    What are your computer issues? My PC has randomly been doing odd things and task manager keeps showing up with items I've never used. It started when I downloaded the Dell fix for Win 10 when I was setting up my husband's computer. I received a virus alert from my cable company and thought I had resolved it.

    I'll run through the steps you have provided.
     
  6. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    RogueKiller V12.1.5.0 [May 2 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : roberta [Administrator]
    Started from : C:\Users\roberta\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 05/02/2016 11:59:53

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0 -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://pogo.com/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://pogo.com/ -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 3 ¤¤¤
    [Hj.Name][File] C:\$Recycle.Bin\S-1-5-21-217919241-653189731-3087365520-1001\$RIESKXB\Chameleon\Windows\rundll32.exe -> Deleted
    [Hj.Name][File] C:\$Recycle.Bin\S-1-5-21-217919241-653189731-3087365520-1001\$RIESKXB\Chameleon\Windows\svchost.exe -> Deleted
    [Hj.Name][File] C:\$Recycle.Bin\S-1-5-21-217919241-653189731-3087365520-1001\$RIESKXB\Chameleon\Windows\winlogon.exe -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10JPVT-75A1YT0 +++++
    --- User ---
    [MBR] 7fc4b054c539ea791aa77a0c0624e1f6
    [BSP] 12f41d810b0256aa5111dbb38f0ef39d : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
    4 - Basic data partition | Offset (sectors): 2394112 | Size: 939695 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1926889472 | Size: 450 MB
    6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1927811072 | Size: 350 MB
    7 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1928527872 | Size: 12204 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD My Passport 0820 USB Device +++++
    --- User ---
    [MBR] 0d877a09567561e9f028d1060cf5d2a8
    [BSP] 9c216b68ac42a039c862826fbb5ecfb0 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: HP Officejet Pro 86 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  7. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    I ran a 2nd time

    RogueKiller V12.1.5.0 [May 2 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : roberta [Administrator]
    Started from : C:\Users\roberta\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 05/02/2016 12:38:01

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Deleted
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0 -> Deleted
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0 -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://pogo.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://pogo.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10JPVT-75A1YT0 +++++
    --- User ---
    [MBR] 7fc4b054c539ea791aa77a0c0624e1f6
    [BSP] 12f41d810b0256aa5111dbb38f0ef39d : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
    4 - Basic data partition | Offset (sectors): 2394112 | Size: 939695 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1926889472 | Size: 450 MB
    6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1927811072 | Size: 350 MB
    7 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1928527872 | Size: 12204 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD My Passport 0820 USB Device +++++
    --- User ---
    [MBR] 0d877a09567561e9f028d1060cf5d2a8
    [BSP] 9c216b68ac42a039c862826fbb5ecfb0 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: HP Officejet Pro 86 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  8. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Next Step

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/2/2016
    Scan Time: 12:49 PM
    Logfile: MBAB scan log after restart 5 02 2016.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.05.02.04
    Rootkit Database: v2016.04.17.01
    License: Premium
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: roberta

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 442385
    Time Elapsed: 30 min, 38 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.DriverUpdate, C:\Users\roberta\Downloads\DriverUpdate-setup.exe, Quarantined, [a27a5a774158fc3a1a5a272d32ce40c0],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  9. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    # AdwCleaner v5.115 - Logfile created 02/05/2016 at 13:50:34
    # Updated 01/05/2016 by Xplode
    # Database : 2016-05-01.2 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : roberta - BERT2
    # Running from : C:\Users\roberta\Downloads\adwcleaner_5.115.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\Ask
    [-] Folder Deleted : C:\ProgramData\Innovative Solutions
    [#] Folder Deleted : C:\ProgramData\Application Data\Ask
    [#] Folder Deleted : C:\ProgramData\Application Data\Innovative Solutions
    [-] Folder Deleted : C:\Program Files (x86)\Innovative Solutions
    [-] Folder Deleted : C:\Program Files (x86)\myfree codec
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
    [-] Folder Deleted : C:\Users\roberta\AppData\Local\Innovative Solutions
    [-] Folder Deleted : C:\Users\roberta\AppData\Local\PackageAware

    ***** [ Files ] *****

    [-] File Deleted : C:\END

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [1317 bytes] - [02/05/2016 13:50:34]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1320 bytes] - [02/05/2016 13:49:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1463 bytes] ##########
     
  10. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Last One

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Home x64
    Ran by roberta (Administrator) on Mon 05/02/2016 at 14:02:24.18
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 3

    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATE-SETUP.EXE-EF03D0DF.pf (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\REN5AC4.tmp (File)



    Registry: 2

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BC14135C-D68E-42EF-B268-8219E40D5C00} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DB986CAF-1ABD-437B-A09F-C2B7C4E9D4D5} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 05/02/2016 at 14:04:21.11
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Hi Broni
    I believe I am finished with instructions, please let me know if there's anything else that needs to be done.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  13. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-05-2016
    Ran by roberta (administrator) on BERT2 (04-05-2016 09:56:19)
    Running from C:\Users\roberta\Desktop
    Loaded Profiles: roberta (Available Profiles: roberta & Administrator)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
    () C:\Windows\SysWOW64\PSIService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-09-06] (Glarysoft Ltd)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\Users\roberta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-13] ()
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{68140839-f5c5-47f8-a4de-51b7b83a6646}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{98ee28be-2e50-4a5e-a30c-4ae15ce48e8c}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
    SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117
    FF DefaultSearchEngine: Bing
    FF DefaultSearchEngine.US: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://www.my.yahoo.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2013-11-06]
    FF Extension: Saved Password Editor - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\savedpasswordeditor@daniel.dawson.xpi [2016-01-28]
    FF Extension: Print Edit - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\printedit@DW-dev.xpi [2016-04-01]
    FF Extension: Print/Print Preview - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2016-04-30]
    FF Extension: NoScript Suite Lite - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\jid1-k8qH8wJfc2KaUi@jetpack.xpi [2016-02-10]
    FF Extension: Toolbar Buttons - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-30]
    FF Extension: FireShot - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-04-30]
    FF Extension: Adblock Plus - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-29] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [266112 2016-04-14] (Code 42 Software)
    R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
    R2 HPSLPSVC; C:\Users\roberta\AppData\Local\Temp\7zS031F\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
    S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-04-27] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-13] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    S3 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
    S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
    S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
    R4 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-04] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
    R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
    S3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.) [File not signed]
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-02] ()
    S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
    S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
    S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  14. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-04 09:56 - 2016-05-04 09:56 - 00015252 _____ C:\Users\roberta\Desktop\FRST.txt
    2016-05-04 09:52 - 2016-05-04 09:55 - 02377216 _____ (Farbar) C:\Users\roberta\Desktop\FRST64.exe
    2016-05-03 13:08 - 2016-05-03 13:08 - 00001339 _____ C:\Users\roberta\Desktop\Revo Uninstaller.lnk
    2016-05-03 13:08 - 2016-05-03 13:08 - 00000000 ____D C:\Users\roberta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2016-05-03 13:07 - 2016-05-03 13:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\roberta\Downloads\revosetup.exe
    2016-05-03 13:06 - 2016-05-03 13:06 - 11199448 _____ (VS Revo Group ) C:\Users\roberta\Downloads\RevoUninProSetup(1).exe
    2016-05-03 12:59 - 2016-05-03 12:59 - 00001124 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2016-05-03 12:59 - 2016-05-03 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2016-05-03 12:58 - 2016-05-03 12:58 - 11199448 _____ (VS Revo Group ) C:\Users\roberta\Downloads\RevoUninProSetup.exe
    2016-05-03 12:58 - 2016-05-03 12:58 - 00000000 ____D C:\Program Files\VS Revo Group
    2016-05-03 12:58 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2016-05-02 13:48 - 2016-05-02 13:50 - 00000000 ____D C:\AdwCleaner
    2016-05-02 13:47 - 2016-05-02 13:48 - 03615296 _____ C:\Users\roberta\Downloads\adwcleaner_5.115.exe
    2016-05-02 12:47 - 2016-05-02 12:47 - 22851472 _____ (Malwarebytes ) C:\Users\roberta\Downloads\mbam-setup-2.2.1.1043.exe
    2016-05-02 11:31 - 2016-05-02 12:11 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-05-02 11:26 - 2016-05-02 11:30 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-05-01 12:01 - 2016-05-04 09:56 - 00000000 ____D C:\FRST
    2016-05-01 11:55 - 2016-05-01 11:55 - 00002259 _____ C:\WINDOWS\epplauncher.mif
    2016-05-01 11:54 - 2016-05-01 11:54 - 14243008 _____ (Microsoft Corporation) C:\Users\roberta\Downloads\mseinstall64.exe
    2016-04-30 05:02 - 2016-04-30 05:03 - 00738368 _____ (Oracle Corporation) C:\Users\roberta\Downloads\JavaSetup8u91.exe
    2016-04-28 09:36 - 2016-04-28 09:36 - 00239372 _____ C:\Users\roberta\Downloads\ATT_158330773_20160415.pdf
    2016-04-19 08:23 - 2016-04-19 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
    2016-04-13 04:17 - 2016-04-01 20:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-04-13 04:17 - 2016-04-01 20:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-04-13 04:17 - 2016-04-01 20:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-04-13 04:17 - 2016-04-01 20:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-04-13 04:17 - 2016-04-01 20:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-04-13 04:17 - 2016-04-01 20:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-04-13 04:17 - 2016-04-01 20:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-04-13 04:17 - 2016-04-01 20:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-04-13 04:17 - 2016-04-01 20:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-04-13 04:17 - 2016-03-29 03:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-04-13 04:17 - 2016-03-29 03:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-04-13 04:17 - 2016-03-29 03:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-04-13 04:17 - 2016-03-29 03:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 04:17 - 2016-03-29 03:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-04-13 04:17 - 2016-03-29 03:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-04-13 04:17 - 2016-03-29 03:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-04-13 04:17 - 2016-03-29 03:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-04-13 04:17 - 2016-03-29 02:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-04-13 04:17 - 2016-03-29 02:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-04-13 04:17 - 2016-03-29 02:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-04-13 04:17 - 2016-03-29 02:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-04-13 04:17 - 2016-03-29 02:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-04-13 04:17 - 2016-03-29 01:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-04-13 04:17 - 2016-03-29 01:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-04-13 04:17 - 2016-03-29 01:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-04-13 04:17 - 2016-03-29 01:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-04-13 04:17 - 2016-03-29 01:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-04-13 04:17 - 2016-03-29 00:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-04-13 04:17 - 2016-03-29 00:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-04-13 04:17 - 2016-03-29 00:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-04-13 04:17 - 2016-03-29 00:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-04-13 04:17 - 2016-03-29 00:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-04-13 04:17 - 2016-03-29 00:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-04-13 04:17 - 2016-03-29 00:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-04-13 04:17 - 2016-03-29 00:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-04-13 04:17 - 2016-03-29 00:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-04-13 04:17 - 2016-03-29 00:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-04-13 04:17 - 2016-03-29 00:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-04-13 04:17 - 2016-03-29 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-04-13 04:17 - 2016-03-29 00:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-04-13 04:17 - 2016-03-29 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-04-13 04:17 - 2016-03-29 00:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-04-13 04:17 - 2016-03-29 00:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-04-13 04:17 - 2016-03-29 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-04-13 04:17 - 2016-03-29 00:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-04-13 04:17 - 2016-03-29 00:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-04-13 04:17 - 2016-03-29 00:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-04-13 04:17 - 2016-03-29 00:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-04-13 04:17 - 2016-03-29 00:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-04-13 04:17 - 2016-03-29 00:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-04-13 04:17 - 2016-03-29 00:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-04-13 04:17 - 2016-03-29 00:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-04-13 04:17 - 2016-03-29 00:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-04-13 04:17 - 2016-03-28 23:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-04-13 04:17 - 2016-03-28 23:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-04-13 04:17 - 2016-03-28 23:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-04-13 04:17 - 2016-03-28 23:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-04-13 04:17 - 2016-03-28 23:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-04-13 04:17 - 2016-03-28 23:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-04-13 04:17 - 2016-03-28 23:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-04-13 04:17 - 2016-03-28 23:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-04-13 04:17 - 2016-03-28 23:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-04-13 04:17 - 2016-03-28 23:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-04-13 04:17 - 2016-03-28 23:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-04-13 04:17 - 2016-03-28 23:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-04-13 04:17 - 2016-03-28 23:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-04-13 04:17 - 2016-03-28 23:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-04-13 04:17 - 2016-03-28 23:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-04-13 04:17 - 2016-03-28 23:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-04-13 04:17 - 2016-03-28 23:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-04-13 04:17 - 2016-03-28 23:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-04-13 04:17 - 2016-03-28 23:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-04-13 04:17 - 2016-03-28 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-04-13 04:17 - 2016-03-28 23:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-04-13 04:17 - 2016-03-28 23:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-04-13 04:17 - 2016-03-28 23:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-04-13 04:17 - 2016-03-28 23:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-04-13 04:17 - 2016-03-28 22:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-04-13 04:17 - 2016-03-28 22:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-04-13 04:17 - 2016-03-28 22:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-04-13 04:17 - 2016-03-28 22:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-04-13 04:17 - 2016-03-28 22:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-04-13 04:17 - 2016-03-28 22:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-04-13 04:17 - 2016-03-28 22:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-04-13 04:17 - 2016-03-28 22:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-04-13 04:17 - 2016-03-28 22:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-04-13 04:17 - 2016-03-28 22:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-04-13 04:17 - 2016-03-28 22:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-04-13 04:17 - 2016-03-28 22:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-04-13 04:17 - 2016-03-28 22:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-04-13 04:17 - 2016-03-28 22:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-04-13 04:17 - 2016-03-28 22:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-04-13 04:17 - 2016-03-28 22:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-04-13 04:17 - 2016-03-28 22:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-04-13 04:17 - 2016-03-28 22:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-04-13 04:16 - 2016-04-01 21:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-04-13 04:16 - 2016-04-01 21:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-04-13 04:16 - 2016-04-01 21:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-04-13 04:16 - 2016-04-01 21:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-04-13 04:16 - 2016-04-01 20:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-04-13 04:16 - 2016-04-01 20:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-04-13 04:16 - 2016-04-01 20:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-04-13 04:16 - 2016-04-01 20:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-04-13 04:16 - 2016-04-01 20:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
    2016-04-13 04:16 - 2016-04-01 20:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-04-13 04:16 - 2016-04-01 20:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-04-13 04:16 - 2016-04-01 20:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-04-13 04:16 - 2016-04-01 20:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-04-13 04:16 - 2016-04-01 20:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-04-13 04:16 - 2016-03-29 03:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-04-13 04:16 - 2016-03-29 03:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-04-13 04:16 - 2016-03-29 03:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-04-13 04:16 - 2016-03-29 03:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-04-13 04:16 - 2016-03-29 03:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-04-13 04:16 - 2016-03-29 02:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2016-04-13 04:16 - 2016-03-29 02:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-04-13 04:16 - 2016-03-29 02:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-04-13 04:16 - 2016-03-29 02:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-04-13 04:16 - 2016-03-29 02:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-04-13 04:16 - 2016-03-29 02:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-04-13 04:16 - 2016-03-29 02:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-04-13 04:16 - 2016-03-29 02:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-04-13 04:16 - 2016-03-29 02:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-04-13 04:16 - 2016-03-29 02:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-04-13 04:16 - 2016-03-29 02:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-04-13 04:16 - 2016-03-29 02:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2016-04-13 04:16 - 2016-03-29 02:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-04-13 04:16 - 2016-03-29 01:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-04-13 04:16 - 2016-03-29 01:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
    2016-04-13 04:16 - 2016-03-29 01:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-04-13 04:16 - 2016-03-29 01:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-04-13 04:16 - 2016-03-29 01:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-04-13 04:16 - 2016-03-29 01:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
    2016-04-13 04:16 - 2016-03-29 01:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
    2016-04-13 04:16 - 2016-03-29 01:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-04-13 04:16 - 2016-03-29 01:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
    2016-04-13 04:16 - 2016-03-29 01:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-04-13 04:16 - 2016-03-29 01:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-04-13 04:16 - 2016-03-29 01:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-04-13 04:16 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-04-13 04:16 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-04-13 04:16 - 2016-03-29 01:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-04-13 04:16 - 2016-03-29 01:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-04-13 04:16 - 2016-03-29 01:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-04-13 04:16 - 2016-03-29 01:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-04-13 04:16 - 2016-03-29 01:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2016-04-13 04:16 - 2016-03-29 01:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-04-13 04:16 - 2016-03-29 01:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-04-13 04:16 - 2016-03-29 00:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-04-13 04:16 - 2016-03-29 00:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-04-13 04:16 - 2016-03-29 00:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-04-13 04:16 - 2016-03-29 00:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-04-13 04:16 - 2016-03-29 00:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-04-13 04:16 - 2016-03-29 00:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-04-13 04:16 - 2016-03-29 00:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-04-13 04:16 - 2016-03-29 00:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-04-13 04:16 - 2016-03-29 00:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-04-13 04:16 - 2016-03-29 00:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-04-13 04:16 - 2016-03-29 00:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-04-13 04:16 - 2016-03-29 00:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-04-13 04:16 - 2016-03-29 00:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-04-13 04:16 - 2016-03-29 00:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-04-13 04:16 - 2016-03-29 00:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-04-13 04:16 - 2016-03-29 00:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-04-13 04:16 - 2016-03-29 00:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-04-13 04:16 - 2016-03-29 00:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-04-13 04:16 - 2016-03-29 00:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-04-13 04:16 - 2016-03-29 00:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-04-13 04:16 - 2016-03-29 00:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-04-13 04:16 - 2016-03-29 00:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-04-13 04:16 - 2016-03-29 00:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-04-13 04:16 - 2016-03-29 00:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-04-13 04:16 - 2016-03-29 00:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-04-13 04:16 - 2016-03-29 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-04-13 04:16 - 2016-03-29 00:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-04-13 04:16 - 2016-03-29 00:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-04-13 04:16 - 2016-03-29 00:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-04-13 04:16 - 2016-03-29 00:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-04-13 04:16 - 2016-03-29 00:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-04-13 04:16 - 2016-03-29 00:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-04-13 04:16 - 2016-03-29 00:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-04-13 04:16 - 2016-03-29 00:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-04-13 04:16 - 2016-03-29 00:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-04-13 04:16 - 2016-03-29 00:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-04-13 04:16 - 2016-03-29 00:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-04-13 04:16 - 2016-03-29 00:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-04-13 04:16 - 2016-03-29 00:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-04-13 04:16 - 2016-03-29 00:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-04-13 04:16 - 2016-03-29 00:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-04-13 04:16 - 2016-03-29 00:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-04-13 04:16 - 2016-03-29 00:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-04-13 04:16 - 2016-03-29 00:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-04-13 04:16 - 2016-03-29 00:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-13 04:16 - 2016-03-29 00:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-04-13 04:16 - 2016-03-29 00:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
    2016-04-13 04:16 - 2016-03-29 00:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
    2016-04-13 04:16 - 2016-03-29 00:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-04-13 04:16 - 2016-03-29 00:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
    2016-04-13 04:16 - 2016-03-29 00:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-04-13 04:16 - 2016-03-29 00:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-04-13 04:16 - 2016-03-29 00:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-04-13 04:16 - 2016-03-29 00:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-04-13 04:16 - 2016-03-29 00:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-04-13 04:16 - 2016-03-29 00:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-04-13 04:16 - 2016-03-29 00:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2016-04-13 04:16 - 2016-03-29 00:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-04-13 04:16 - 2016-03-29 00:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-04-13 04:16 - 2016-03-29 00:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-04-13 04:16 - 2016-03-29 00:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2016-04-13 04:16 - 2016-03-29 00:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-04-13 04:16 - 2016-03-29 00:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
    2016-04-13 04:16 - 2016-03-29 00:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-04-13 04:16 - 2016-03-29 00:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-04-13 04:16 - 2016-03-29 00:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
    2016-04-13 04:16 - 2016-03-29 00:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-04-13 04:16 - 2016-03-29 00:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-04-13 04:16 - 2016-03-29 00:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-04-13 04:16 - 2016-03-29 00:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-04-13 04:16 - 2016-03-29 00:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-04-13 04:16 - 2016-03-29 00:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
    2016-04-13 04:16 - 2016-03-29 00:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
    2016-04-13 04:16 - 2016-03-29 00:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
    2016-04-13 04:16 - 2016-03-29 00:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-04-13 04:16 - 2016-03-29 00:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-04-13 04:16 - 2016-03-29 00:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-04-13 04:16 - 2016-03-29 00:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-04-13 04:16 - 2016-03-28 23:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-04-13 04:16 - 2016-03-28 23:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-04-13 04:16 - 2016-03-28 23:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-04-13 04:16 - 2016-03-28 23:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-04-13 04:16 - 2016-03-28 23:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
    2016-04-13 04:16 - 2016-03-28 23:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2016-04-13 04:16 - 2016-03-28 23:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-04-13 04:16 - 2016-03-28 23:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
    2016-04-13 04:16 - 2016-03-28 23:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-04-13 04:16 - 2016-03-28 23:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-04-13 04:16 - 2016-03-28 23:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-04-13 04:16 - 2016-03-28 23:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
    2016-04-13 04:16 - 2016-03-28 23:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-04-13 04:16 - 2016-03-28 23:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-04-13 04:16 - 2016-03-28 23:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
    2016-04-13 04:16 - 2016-03-28 23:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-04-13 04:16 - 2016-03-28 23:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
    2016-04-13 04:16 - 2016-03-28 23:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2016-04-13 04:16 - 2016-03-28 23:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-04-13 04:16 - 2016-03-28 23:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-04-13 04:16 - 2016-03-28 23:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-04-13 04:16 - 2016-03-28 23:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-04-13 04:16 - 2016-03-28 23:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2016-04-13 04:16 - 2016-03-28 23:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-04-13 04:16 - 2016-03-28 23:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2016-04-13 04:16 - 2016-03-28 23:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2016-04-13 04:16 - 2016-03-28 23:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2016-04-13 04:16 - 2016-03-28 23:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-04-13 04:16 - 2016-03-28 23:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-04-13 04:16 - 2016-03-28 23:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-04-13 04:16 - 2016-03-28 23:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2016-04-13 04:16 - 2016-03-28 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-04-13 04:16 - 2016-03-28 23:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-04-13 04:16 - 2016-03-28 23:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-04-13 04:16 - 2016-03-28 23:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2016-04-13 04:16 - 2016-03-28 23:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-04-13 04:16 - 2016-03-28 23:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-04-13 04:16 - 2016-03-28 23:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-04-13 04:16 - 2016-03-28 23:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-04-13 04:16 - 2016-03-28 23:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2016-04-13 04:16 - 2016-03-28 23:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-04-13 04:16 - 2016-03-28 23:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-04-13 04:16 - 2016-03-28 23:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
    2016-04-13 04:16 - 2016-03-28 23:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2016-04-13 04:16 - 2016-03-28 23:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-04-13 04:16 - 2016-03-28 23:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-04-13 04:16 - 2016-03-28 23:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-04-13 04:16 - 2016-03-28 23:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-04-13 04:16 - 2016-03-28 23:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-04-13 04:16 - 2016-03-28 23:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-04-13 04:16 - 2016-03-28 23:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-04-13 04:16 - 2016-03-28 23:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-04-13 04:16 - 2016-03-28 22:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-04-13 04:16 - 2016-03-28 22:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2016-04-13 04:16 - 2016-03-28 22:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-04-13 04:16 - 2016-03-28 22:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-04-13 04:16 - 2016-03-28 22:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-04-13 04:16 - 2016-03-28 22:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-04-13 04:16 - 2016-03-28 22:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2016-04-13 04:16 - 2016-03-28 22:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2016-04-13 04:16 - 2016-03-28 22:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-04-12 04:32 - 2016-04-13 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-04-11 13:49 - 2016-04-11 13:49 - 00000144 _____ C:\Users\roberta\Desktop\TV.url
    2016-04-11 08:12 - 2016-04-11 08:12 - 00049661 _____ C:\Users\roberta\Documents\Happy.pdf
    2016-04-06 04:41 - 2016-04-06 04:41 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\roberta\Downloads\HPSupportSolutionsFramework-12.3.11.29(3).exe
    2016-04-06 04:32 - 2016-04-06 04:32 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\roberta\Downloads\HPSupportSolutionsFramework-12.3.11.29(2).exe
    2016-04-06 04:31 - 2016-04-06 04:31 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\roberta\Downloads\HPSupportSolutionsFramework-12.3.11.29(1).exe
    2016-04-06 04:28 - 2016-04-06 04:28 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\roberta\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
    2016-04-05 17:16 - 2016-04-05 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-04 09:41 - 2013-01-25 10:35 - 00000000 ____D C:\Users\roberta\Documents\Technical
    2016-05-04 09:40 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
    2016-05-04 09:40 - 2015-07-31 10:35 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-05-04 06:04 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-05-04 05:13 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-05-04 05:05 - 2015-07-10 12:47 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
    2016-05-04 05:02 - 2015-04-06 14:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-05-04 05:02 - 2014-06-17 14:30 - 00000000 __SHD C:\Users\roberta\IntelGraphicsProfiles
    2016-05-03 13:53 - 2015-07-10 12:47 - 00000000 ____D C:\Program Files (x86)\Glarysoft
    2016-05-03 13:51 - 2015-02-21 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2016-05-03 13:50 - 2014-01-13 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
    2016-05-03 13:35 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-05-03 13:08 - 2013-02-12 12:04 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2016-05-03 12:52 - 2015-04-04 09:15 - 00002438 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2016-05-03 12:52 - 2013-02-12 12:09 - 00002454 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2016-05-03 07:44 - 2013-03-07 11:27 - 00000000 ____D C:\Users\roberta\Desktop\Medical
    2016-05-03 07:41 - 2016-04-02 16:32 - 00001277 _____ C:\Users\roberta\Desktop\VSDC Free Video Editor.lnk
    2016-05-03 07:41 - 2016-03-05 11:28 - 00001046 _____ C:\Users\roberta\Desktop\CCleaner.lnk
    2016-05-03 07:41 - 2016-02-29 10:38 - 00001588 _____ C:\Users\roberta\Desktop\CrashPlanDesktop.exe - Shortcut.lnk
    2016-05-03 07:41 - 2016-01-28 13:30 - 00250880 ___SH C:\Users\roberta\Desktop\Thumbs.db
    2016-05-03 07:41 - 2015-08-09 10:25 - 00001229 _____ C:\Users\roberta\Desktop\Fast Duplicate File Finder.lnk
    2016-05-03 07:41 - 2015-08-09 05:47 - 00001939 _____ C:\Users\roberta\Desktop\jv16 PowerTools X.lnk
    2016-05-03 07:41 - 2015-05-04 12:21 - 00001045 _____ C:\Users\roberta\Desktop\PhotoScape.lnk
    2016-05-03 07:41 - 2015-04-21 07:11 - 00001021 _____ C:\Users\roberta\Desktop\SpeedFan.lnk
    2016-05-03 07:41 - 2014-05-07 11:10 - 00001272 _____ C:\Users\roberta\Desktop\MozBackup.exe.lnk
    2016-05-03 07:41 - 2013-06-13 11:15 - 00002177 _____ C:\Users\roberta\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2016-05-03 07:41 - 2013-05-24 09:34 - 00001505 _____ C:\Users\roberta\Desktop\iexplore.exe - Shortcut.lnk
    2016-05-03 07:41 - 2013-04-25 08:47 - 00001076 _____ C:\Users\roberta\Desktop\Winmail Reader.lnk
    2016-05-03 07:41 - 2013-02-05 10:03 - 00001311 _____ C:\Users\roberta\Desktop\Favorites - Shortcut.lnk
    2016-05-03 07:41 - 2013-02-04 15:34 - 00000965 _____ C:\Users\roberta\Desktop\RealDraw PRO.lnk
    2016-05-02 14:39 - 2015-03-01 10:20 - 00035564 _____ C:\Users\roberta\Documents\Layout 1920 x 1080.dtr
    2016-05-02 13:51 - 2015-12-13 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-05-02 13:51 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-05-02 13:24 - 2015-12-01 15:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-05-02 13:24 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\tracing
    2016-05-02 12:48 - 2015-09-14 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-05-02 12:48 - 2015-04-06 14:26 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-30 05:05 - 2013-10-17 06:55 - 00000000 ____D C:\ProgramData\Oracle
    2016-04-30 05:04 - 2014-06-17 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-04-30 05:04 - 2014-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\Java
    2016-04-30 05:03 - 2016-01-20 07:45 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2016-04-30 05:03 - 2015-10-07 11:38 - 00000000 ____D C:\Users\roberta\.oracle_jre_usage
    2016-04-28 12:42 - 2016-01-20 09:55 - 00011114 _____ C:\Users\roberta\Desktop\INSURANCE.xlsx
    2016-04-28 10:23 - 2013-06-11 16:18 - 00014645 _____ C:\Users\roberta\Desktop\Vacation Checklist.xlsx
    2016-04-22 00:57 - 2013-03-23 06:47 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-04-19 08:23 - 2016-01-15 16:32 - 00000000 ____D C:\Program Files (x86)\CrashPlan
    2016-04-19 08:23 - 2014-05-01 11:41 - 00000000 ____D C:\ProgramData\CrashPlan
    2016-04-17 18:22 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-04-15 16:13 - 2015-12-13 12:25 - 00000000 ____D C:\Users\roberta
    2016-04-15 16:12 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-04-15 08:13 - 2013-01-22 16:58 - 00000000 ____D C:\Users\roberta\AppData\Local\Adobe
    2016-04-13 22:12 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-04-13 22:03 - 2015-12-13 12:16 - 00461056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-04-13 22:03 - 2014-08-07 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-04-13 22:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-04-13 22:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-04-13 22:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-04-13 22:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-04-13 05:49 - 2013-08-07 14:45 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-04-13 05:45 - 2013-01-23 14:01 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-04-13 04:19 - 2013-01-22 13:26 - 00000000 ____D C:\Users\roberta\AppData\Local\Packages
    2016-04-11 11:24 - 2013-02-08 11:21 - 00000000 ____D C:\Users\roberta\Desktop\Manuals
    2016-04-06 11:32 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-04-06 11:32 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2015-08-09 05:47 - 2015-08-09 05:47 - 0000020 ___SH () C:\Users\roberta\AppData\Roaming\Sys11965 DataCollection.dat
    2015-08-09 05:47 - 2015-08-09 05:47 - 0000020 ___SH () C:\Users\roberta\AppData\Roaming\System413_DataDB.ind
    2013-06-02 14:22 - 2015-08-17 05:48 - 0005120 _____ () C:\Users\roberta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-10-30 11:10 - 2015-10-30 11:10 - 0001513 _____ () C:\Users\roberta\AppData\Local\recently-used.xbel
    2013-01-28 11:05 - 2015-12-18 14:54 - 0007650 _____ () C:\Users\roberta\AppData\Local\Resmon.ResmonCfg
    2013-03-23 14:27 - 2013-03-23 14:27 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-01-24 08:31 - 2013-03-24 21:41 - 0006899 _____ () C:\ProgramData\hpzinstall.log
    2012-11-26 09:40 - 2012-11-26 09:40 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2012-11-26 09:37 - 2012-11-26 09:37 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2012-11-26 09:38 - 2012-11-26 09:38 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2012-11-26 09:36 - 2012-11-26 09:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2012-11-26 09:39 - 2012-11-26 09:40 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    Some files in TEMP:
    ====================
    C:\Users\roberta\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\roberta\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\roberta\AppData\Local\Temp\jre-8u71-windows-au.exe
    C:\Users\roberta\AppData\Local\Temp\libeay32.dll
    C:\Users\roberta\AppData\Local\Temp\msvcr120.dll
    C:\Users\roberta\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-25 14:25

    ==================== End of FRST.txt ============================
     
  15. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-05-2016
    Ran by roberta (2016-05-04 09:57:07)
    Running from C:\Users\roberta\Desktop
    Windows 10 Home Version 1511 (X64) (2015-12-13 19:52:14)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-217919241-653189731-3087365520-500 - Administrator - Enabled) => C:\Users\Administrator
    DefaultAccount (S-1-5-21-217919241-653189731-3087365520-503 - Limited - Disabled)
    Guest (S-1-5-21-217919241-653189731-3087365520-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-217919241-653189731-3087365520-1010 - Limited - Enabled)
    roberta (S-1-5-21-217919241-653189731-3087365520-1001 - Administrator - Enabled) => C:\Users\roberta
    scott bruculere (S-1-5-21-217919241-653189731-3087365520-1008 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.7 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Application Verifier x64 External Package (Version: 8.100.25984 - Microsoft) Hidden
    Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
    Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
    bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
    Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
    Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
    CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CrashPlan (HKLM\...\{753E3F29-F1BC-4FE6-A964-622DAE9976CF}) (Version: 4.6.0.403 - Code 42 Software)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
    Dell System Detect (HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
    Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.2.5 - ELAN Microelectronic Corp.)
    Design & Print (HKLM-x32\...\Design & Print 1.0.1) (Version: 1.0.1 - Avery Products Corp.)
    DesignPro 5 (HKLM-x32\...\InstallShield_{C8F04EF6-C4DB-4D86-8D86-32E7DBDA8595}) (Version: 5.5.708 - Avery Dennison)
    DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
    Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
    dupeGuru Music Edition (HKLM\...\{C51BC104-8666-4F9C-8072-715AE1A69A75}) (Version: 6.8.1 - Hardcoded Software)
    dupeGuru Picture Edition (HKLM\...\{C9A60D50-28B0-4BCB-B720-1ECACA351F09}) (Version: 2.10.1 - Hardcoded Software)
    Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.4 - Ashisoft)
    Easy Computer Sync (HKLM-x32\...\Easy Computer Sync) (Version: 1.5 - Bravura Software LLC)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Fast Duplicate File Finder 4.7.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 4.7.0.1 - MindGems, Inc.)
    FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    Glary Utilities 5.32 (HKLM-x32\...\Glary Utilities 5) (Version: 5.32.0.52 - Glarysoft Ltd)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: - )
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.90.0000 - Intel(R) Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    jv16 PowerTools X (HKLM-x32\...\jv16 PowerTools X) (Version: - Macecraft Software)
    Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.1 Provider Services (x86) ENU (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
    MSI Development Tools (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
    Peachtree Complete Accounting 2005 (HKLM-x32\...\InstallShield_{D7614A76-A821-4FB1-8C80-37D0F7DE5040}) (Version: 12.00.01 - Best Software SB, Inc)
    Peachtree Complete Accounting 2005 (x32 Version: 12.00.01 - Best Software SB, Inc) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
    Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.6468 - I.R.I.S.)
    Real-Draw PRO 4.0 (HKLM-x32\...\Real-Draw PRO_is1) (Version: - Mediachance)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
    SDK Debuggers (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
    Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden
    SpaceMonger 2.1.1 (HKLM-x32\...\SpaceMonger) (Version: 2.1.1 - Sixty-Five)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    SUPER © v2013.build.59+Recorder (2013/12/18) version v2013.buil (HKLM-x32\...\{8E2A18E2-96AF-4DF9-8459-5C06B75139A4}_is1) (Version: v2013.build.59+Recorder - eRightSoft)
    System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.2 - Tweaking.com)
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
    ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
    VSDC Free Video Editor version 3.3.5.411 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.3.5.411 - Flash-Integro LLC)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)
    Winmail Reader 1.2.15 (HKLM-x32\...\Winmail Reader_is1) (Version: - Kopf)
    WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
    WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-217919241-653189731-3087365520-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-217919241-653189731-3087365520-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03D296EC-E82E-4D25-B2C2-A611B4E86334} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {06C0ECE9-BE29-4417-B073-84255F24326B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {08CCB8E7-52A2-4652-AF76-7FBD1FFBC1C3} - System32\Tasks\{DB9BEFA3-3616-4D2C-B56F-AD1484E263EE} => pcalua.exe -a D:\Bin\demo32.exe -d D:\Bin
    Task: {1310FFB1-C6F7-4186-8018-9B16EB4D0F3A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1A7AC3DC-5ED5-4959-910D-EE29755B683A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {1B3BC5C5-9D75-44B1-91B6-5AC102C596E6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-04-04] (Microsoft Corporation)
    Task: {23BAE091-EC01-4B71-BB84-92AD122E9B40} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {23D4474D-1653-4422-B826-8AF34679B6E0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
    Task: {26B27C75-E95C-45E4-9D25-F022EA2463DB} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-09-06] (Glarysoft Ltd)
    Task: {2F08FECA-7BF2-4A77-8A62-8A3E11241D33} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {36C8DC15-AE12-4AAE-9F9C-C2A17856E412} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {50E4C3A2-13A9-4741-AB37-41E3ECEB1882} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-04-04] (Microsoft Corporation)
    Task: {5D1EB274-1973-490C-BF4E-03B935313049} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
    Task: {6A85753B-7DCC-418C-AFAF-1F549314957B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {7870CA20-CC11-47ED-97AD-2DBEE134D936} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {7E82575A-0176-4182-8743-B0938AE62C44} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {812A12B0-5040-46D0-B8B0-DCF415560EFB} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {81FE64FF-A3BF-4F1A-BAB4-50B599E102F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
    Task: {8A2AD3BF-4F07-4E11-AB3E-BA568CBE464F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: {91151FAF-9E99-4AC7-8267-F8FF6AEBEBAA} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-09-06] (Glarysoft Ltd)
    Task: {9624B71E-990B-4358-8D75-2521F4260743} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9AB38E51-49A8-45C1-BF79-41988346E24C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {A04C46B0-A88E-4CA4-B502-34F22C7BD325} - \PCDEventLauncher -> No File <==== ATTENTION
    Task: {A66DB38B-229F-4FC9-A4AC-672E0B5D217B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-04-04] (Microsoft Corporation)
    Task: {AA5C4C28-7B48-4CB7-B1F7-7DC851F4FBE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B410E3BC-31F7-426C-91AB-938F2E5A1585} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
    Task: {BD31765A-3C98-4002-ABAA-8A772B940741} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {BDE2BC80-10E1-4CCB-A7CF-D7C576D44F47} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-04-04] (Microsoft Corporation)
    Task: {CA68E378-4DEF-40EF-81BB-0D206B4BC705} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CFF86C44-DF04-4B79-845A-BFC975F0F455} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-04-04] (Microsoft)
    Task: {D8D38B53-2F89-4283-BE51-5197D4ABA789} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {E79821B3-B533-4FC4-BEFA-FF899438A844} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    Task: {EAF31FD0-5B6B-4B48-95B8-51D85D2FEEC8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {EB66E65C-D000-42E6-BD3B-7E16B4438CD3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {EC311D37-CE0E-4157-91DD-3610A021A45E} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {F7781B73-A584-4137-80B1-9BD6068A2DFE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {F8FFC6D2-48BF-4FE9-9001-626AD9A45E67} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMNMKMMMKMIMMJMJHMCNNMNJKMOMCNLMKJMJLJCNHMIMKMGMCNNMOJLJOJGMNJMMHMGMKMJJHMJNJICMIMCNGMCNIMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMFMLMJNHICMEKMICNJJCKJNBJCMNIAJNJKJNILIOJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFMPMJNFICM (the data entry has 27 more characters).
    Task: {FEBC165C-A532-48C1-912A-4AEA9DE9D7A6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-14 13:43 - 2016-04-14 13:43 - 00014848 _____ () C:\Program Files (x86)\CrashPlan\md564.dll
    2016-04-14 13:43 - 2016-04-14 13:43 - 00238592 _____ () \\?\C:\Program Files (x86)\CrashPlan\cpnative64.dll
    2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
    2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-04-13 04:17 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 04:17 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-12-18 09:47 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-04-13 04:16 - 2016-04-01 20:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-04-13 04:17 - 2016-04-01 20:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-04-13 04:16 - 2016-04-01 19:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-04-13 04:17 - 2016-04-01 19:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-04-13 04:17 - 2016-04-01 20:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2014-12-25 07:46 - 2013-09-12 09:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-08-16 23:34 - 2015-08-16 23:34 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\certsentry.exe_20160503205106:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\coin94.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET380D.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET3C2D.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET3D2C.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\IntcDAud.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\point64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\CrowdInspect.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\CrowdInspect.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\Me from camera 10 2015.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\Roberta.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\1.MFL37933576_E.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\1.MFL37933576_E.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\adksetup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\adksetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\ConnectUtility.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\ConnectUtility.exe:$CmdZnID [29]
    AlternateDataStreams: C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\CrowdInspect.zip:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\CrowdInspect.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DBFPlus.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DBFPlus.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Decrap_Setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\delinf_10230.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\delinf_10230.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DellCertFix.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DellCertFix.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DropboxInstaller(1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DropboxInstaller(1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\FSViewerSetup53.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\FSViewerSetup53.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\gu5setup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\gu5setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPPSdr.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPPSdr.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\install_flash_player_ics.apk:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\install_flash_player_ics.apk:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\JavaSetup8u60.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\JavaSetup8u60.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jv16pt_setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jxpiinstall(1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jxpiinstall(1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\msert.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\msert.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\nettool_12110.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\nettool_12110.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\qssetup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\qssetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SmartView2.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SmartView2.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\win64_153338.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\win64_153338.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\WO-JEK-901172.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\WO-JEK-901172.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE:$CmdZnID [26]
     
  16. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2016-03-28 15:50 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\roberta\AppData\Roaming\FSL\IconRestorer\Wallpapers\IconRestorer.bmp
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: Dell-Backup-Svc => 2
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: McAWFwk => 3
    MSCONFIG\Services: mcmscsvc => 2
    MSCONFIG\Services: McNASvc => 2
    MSCONFIG\Services: RoxMediaDB9 => 3
    MSCONFIG\Services: RoxWatch9 => 2
    MSCONFIG\Services: stllssvr => 3
    HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Cox Cloud Drive.lnk"
    HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
    HKLM\...\StartupApproved\Run: => "IntelTBRunOnce"
    HKLM\...\StartupApproved\Run: => "QuickSet"
    HKLM\...\StartupApproved\Run: => "SmartAudio"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Dell Backup Dashboard"
    HKLM\...\StartupApproved\Run: => "Corel Photo Downloader"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "Corel Photo Downloader"
    HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
    HKLM\...\StartupApproved\Run32: => "RoxWatchTray"
    HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
    HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\StartupFolder: => "DealFinder.lnk"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => ""
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "KiesAirMessage"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "KiesPreload"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "DellSystemDetect"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "GUDelayStartup"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{5060C364-B4AB-442C-A4F3-1CB9407945DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{655ABC0B-66D4-4702-97B9-A2C17654522B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{FB14986F-0D11-4590-90B2-B2FDDA8C16C8}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{00A8B8D6-62CD-4C46-A3FA-6081FD47A6FA}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{2BCE0E06-129D-4D80-8DD3-94BFB61131E1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{BA3AFECE-BBC6-4359-8410-C4EAD0B72838}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{10E4B00D-D4A0-41D4-BB84-F365C21C9B0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{32429FA7-7190-4629-B115-D1518E7662B7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{4FC95EE1-ACE1-43DF-8610-C948355611F0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{32CD9D16-153E-45F3-BFD9-128A8EFE4A14}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{3A0C4AF4-E997-4B55-845C-C8EEC77FEBC2}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS28A7\HPDiagnosticCoreUI.exe
    FirewallRules: [{9CC237A8-DA51-4A92-A6AC-94A4BCD3AB1E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS28A7\HPDiagnosticCoreUI.exe
    FirewallRules: [{BBA9563E-E14D-4352-AB62-FC5335217D8A}] => (Allow) C:\Program Files (x86)\Dell\Tech Concierge\node.exe
    FirewallRules: [{8C788B5F-B336-4FC2-AB0F-8BD379D33A5B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{6578936D-4BE6-4BC3-AB17-3523041D40C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{910D1D57-FF08-4A09-8E0F-714D647A9829}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{CF6DEE7B-B4C7-4023-9321-4BEA222C041B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{CB634967-D089-4075-BCAB-FC89A6978161}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{AA659F15-AA74-4200-BCA0-C2D34B2D97E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{D0AC69F8-3AED-41B4-A6D0-B75D5CB053FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{F38C770E-730B-496E-972B-857FE5977098}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{159FC5D6-0CF6-4213-9041-5F0C91285780}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{29855EAB-BBFD-488D-89A4-995BCE986933}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{A269AF83-A9A4-4399-A76F-8B1B75F1EE04}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{52A2CD79-DD1C-470D-A528-468680D24311}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{1BC93AD1-FC30-4284-8954-0283B018F546}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{B1AB3D89-8AB9-4812-94F1-3D5BC8D17E3A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{13536D1F-0EC0-4221-AD49-B0DD059330CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{87F76901-29C9-4F32-AE76-A672F7B550CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{0F577FC6-0FED-4205-B03A-4DF1799002B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{2A42928B-71DF-4697-BA6A-47213CD27BD7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{482368FB-23C3-4329-90FE-96C2B706FAD2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{274A6467-9F65-43D1-8E35-05877B3AAED0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{32899002-1B21-448D-8918-51F8D49EE35F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{371FFBD7-78E1-4F75-91E2-AE32092A7B8E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4E9B\hppiw.exe
    FirewallRules: [{BAAB4855-0143-4AB4-A3E8-2CB91593B20C}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4E9B\hppiw.exe
    FirewallRules: [{7810A3B0-B6B7-43F6-AD2E-95512B4C27D0}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS5A53\HPDiagnosticCoreUI.exe
    FirewallRules: [{AE90421A-E2B3-4E24-BB5E-7BD6DB8995BB}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS5A53\HPDiagnosticCoreUI.exe
    FirewallRules: [TCP Query User{DDB3745B-AD88-4E7C-9201-963C960AE3F2}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
    FirewallRules: [UDP Query User{D8C682A1-C57F-446E-BF05-3384154AD9D3}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
    FirewallRules: [{E8A67D17-B621-474B-9240-F62FC1229914}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{D524ABC7-E8EB-4CDF-8528-DE094B6296A7}] => (Allow) LPort=2869
    FirewallRules: [{6A157C54-A2C1-43AE-AD7B-A7421D760274}] => (Allow) LPort=1900
    FirewallRules: [{BDA1C5C3-CCAC-486F-B761-8C36772AD5A6}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{BA38E0C9-2DA5-478C-BF8B-60CB858207A0}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{0210FE2D-24DA-4576-BB57-24E4041EB1C6}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{0AA0CD6D-595E-4F0C-BC71-91C1DB7E9509}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{818DB441-B6DB-4247-B8BD-C3E580C69288}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
    FirewallRules: [{C30345FE-E676-4DB4-A45D-2D74D1A40D6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2A4D9707-8FEF-48B3-ADE5-6D6E24838E41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{844737F4-A0DD-49E0-82A6-DE0D7069C5C6}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS74F5\HPDiagnosticCoreUI.exe
    FirewallRules: [{3462BB93-8B29-4C8A-89AB-A3962B6C6EEE}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS74F5\HPDiagnosticCoreUI.exe
    FirewallRules: [{D2110793-7E38-4255-B26A-C43DE98BA75F}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS7EE8\HPDiagnosticCoreUI.exe
    FirewallRules: [{E31DABF5-0866-4813-9893-58A896714871}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS7EE8\HPDiagnosticCoreUI.exe
    FirewallRules: [TCP Query User{6CDA0B39-AEDD-4914-ABED-BE1BE93A4A0A}C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe] => (Allow) C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe
    FirewallRules: [UDP Query User{CD79BFC1-0D73-479B-93ED-45554B4A7756}C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe] => (Allow) C:\users\roberta\appdata\local\temp\7zs051b\enterprisedu.exe
    FirewallRules: [{F8C39A79-FDC4-4D60-96F5-9B546144B91E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS0FA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{61FBE461-FFA6-4BCA-A43D-BBD578E72BC3}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS0FA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{B4F4E405-A9A2-430A-BBC4-62EB4CC8C29E}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS031F\hppiw.exe
    FirewallRules: [{4EB28CDC-8F45-4E97-9CB4-E0BA281C0F7D}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS031F\hppiw.exe
    FirewallRules: [{062AFB40-31BB-422F-BC3A-4FB46FD1A6A1}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4BA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{016BFBD2-BFF7-4F52-870B-B42C7B1BECAB}] => (Allow) C:\Users\roberta\AppData\Local\Temp\7zS4BA1\HPDiagnosticCoreUI.exe
    FirewallRules: [{8A9CF2D5-3023-4EC4-873F-6220124401D9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{C6205CD0-492D-476C-BA35-8DF93BC0EFA9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{AA79BEB8-C7DF-4B23-885B-9A1650B5F38C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{40B91CAC-7E3F-4499-9600-6A4E00BF1380}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{F9C11085-7A36-422E-AC72-A4F6E0EC3A6D}] => (Allow) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe

    ==================== Restore Points =========================

    17-04-2016 17:16:15 Windows Update
    26-04-2016 13:52:22 Scheduled Checkpoint
    01-05-2016 13:42:03 Windows Update
    02-05-2016 14:02:56 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/02/2016 01:34:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Integrator.exe version 5.32.0.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 159c

    Start Time: 01d1a4b12a5a0aac

    Termination Time: 9

    Application Path: C:\Program Files (x86)\Glary Utilities 5\Integrator.exe

    Report Id: 38287e9b-10a5-11e6-8001-e0db55d256a6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/01/2016 11:55:18 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: BERT2)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (04/29/2016 11:49:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
    Exception code: 0xc0000602
    Fault offset: 0x000000000022885f
    Faulting process id: 0x3b8
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3
    Faulting package full name: svchost.exe4
    Faulting package-relative application ID: svchost.exe5

    Error: (04/29/2016 11:49:07 AM) (Source: ESENT) (EventID: 908) (User: )
    Description: svchost (952) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1054(tm.cxx:1630): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

    Error: (04/27/2016 02:26:35 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (04/20/2016 09:04:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdate.exe, version: 5.27.4.0, time stamp: 0x5599d674
    Faulting module name: mfc90u.dll, version: 9.0.30729.6161, time stamp: 0x4dad06e1
    Exception code: 0xc0000005
    Fault offset: 0x00053544
    Faulting process id: 0xbd8
    Faulting application start time: 0xSoftwareUpdate.exe0
    Faulting application path: SoftwareUpdate.exe1
    Faulting module path: SoftwareUpdate.exe2
    Report Id: SoftwareUpdate.exe3
    Faulting package full name: SoftwareUpdate.exe4
    Faulting package-relative application ID: SoftwareUpdate.exe5

    Error: (04/20/2016 09:04:41 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdate.exe, version: 5.27.4.0, time stamp: 0x5599d674
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc00001a5
    Fault offset: 0x70747468
    Faulting process id: 0xbd8
    Faulting application start time: 0xSoftwareUpdate.exe0
    Faulting application path: SoftwareUpdate.exe1
    Faulting module path: SoftwareUpdate.exe2
    Report Id: SoftwareUpdate.exe3
    Faulting package full name: SoftwareUpdate.exe4
    Faulting package-relative application ID: SoftwareUpdate.exe5

    Error: (04/20/2016 09:04:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdate.exe, version: 5.27.4.0, time stamp: 0x5599d674
    Faulting module name: mfc90u.dll, version: 9.0.30729.6161, time stamp: 0x4dad06e1
    Exception code: 0xc0000409
    Fault offset: 0x00053544
    Faulting process id: 0xbd8
    Faulting application start time: 0xSoftwareUpdate.exe0
    Faulting application path: SoftwareUpdate.exe1
    Faulting module path: SoftwareUpdate.exe2
    Report Id: SoftwareUpdate.exe3
    Faulting package full name: SoftwareUpdate.exe4
    Faulting package-relative application ID: SoftwareUpdate.exe5

    Error: (04/20/2016 06:20:57 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (04/19/2016 08:22:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Integrator.exe version 5.32.0.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1384

    Start Time: 01d19a4f0b35dd3c

    Termination Time: 20

    Application Path: C:\Program Files (x86)\Glary Utilities 5\Integrator.exe

    Report Id: 80464447-0642-11e6-bfff-e0db55d256a6

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (05/04/2016 09:41:37 AM) (Source: DCOM) (EventID: 10010) (User: BERT2)
    Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

    Error: (05/04/2016 05:05:07 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (05/03/2016 04:46:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_1f4ea28 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/03/2016 04:46:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_1f4ea28 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/03/2016 04:46:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_1f4ea28 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/03/2016 04:46:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_1f4ea28 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/03/2016 04:46:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (05/03/2016 04:36:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (05/03/2016 01:56:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_494ac service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (05/03/2016 01:56:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_494ac service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-05-04 06:58:00.259
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-29 12:52:38.421
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-15 04:26:28.146
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-14 14:16:21.589
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-13 22:05:09.739
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-07 15:17:51.649
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:27.310
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:27.300
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:25.993
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-04-04 10:00:25.983
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
    Percentage of memory in use: 37%
    Total physical RAM: 8061.27 MB
    Available physical RAM: 5022.09 MB
    Total Virtual: 9341.27 MB
    Available Virtual: 6256.55 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.67 GB) (Free:648.45 GB) NTFS
    Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:732 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1F9D71C0)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 8534C8F5)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  17. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Thank You, done.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  19. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 01
    Ran by roberta (2016-05-05 08:52:37) Run:1
    Running from C:\Users\roberta\Desktop
    Loaded Profiles: roberta & (Available Profiles: roberta & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [X]
    S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
    2015-08-09 05:47 - 2015-08-09 05:47 - 0000020 ___SH () C:\Users\roberta\AppData\Roaming\Sys11965 DataCollection.dat
    2015-08-09 05:47 - 2015-08-09 05:47 - 0000020 ___SH () C:\Users\roberta\AppData\Roaming\System413_DataDB.ind
    2013-06-02 14:22 - 2015-08-17 05:48 - 0005120 _____ () C:\Users\roberta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-10-30 11:10 - 2015-10-30 11:10 - 0001513 _____ () C:\Users\roberta\AppData\Local\recently-used.xbel
    2013-01-28 11:05 - 2015-12-18 14:54 - 0007650 _____ () C:\Users\roberta\AppData\Local\Resmon.ResmonCfg
    2013-03-23 14:27 - 2013-03-23 14:27 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-01-24 08:31 - 2013-03-24 21:41 - 0006899 _____ () C:\ProgramData\hpzinstall.log
    2012-11-26 09:40 - 2012-11-26 09:40 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2012-11-26 09:37 - 2012-11-26 09:37 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2012-11-26 09:38 - 2012-11-26 09:38 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2012-11-26 09:36 - 2012-11-26 09:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2012-11-26 09:39 - 2012-11-26 09:40 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
    C:\Users\roberta\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\roberta\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\roberta\AppData\Local\Temp\jre-8u71-windows-au.exe
    C:\Users\roberta\AppData\Local\Temp\libeay32.dll
    C:\Users\roberta\AppData\Local\Temp\msvcr120.dll
    C:\Users\roberta\AppData\Local\Temp\sqlite3.dll
    Task: {03D296EC-E82E-4D25-B2C2-A611B4E86334} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {06C0ECE9-BE29-4417-B073-84255F24326B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {1310FFB1-C6F7-4186-8018-9B16EB4D0F3A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1A7AC3DC-5ED5-4959-910D-EE29755B683A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {23BAE091-EC01-4B71-BB84-92AD122E9B40} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {2F08FECA-7BF2-4A77-8A62-8A3E11241D33} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {36C8DC15-AE12-4AAE-9F9C-C2A17856E412} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7870CA20-CC11-47ED-97AD-2DBEE134D936} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {7E82575A-0176-4182-8743-B0938AE62C44} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {812A12B0-5040-46D0-B8B0-DCF415560EFB} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {9624B71E-990B-4358-8D75-2521F4260743} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A04C46B0-A88E-4CA4-B502-34F22C7BD325} - \PCDEventLauncher -> No File <==== ATTENTION
    Task: {AA5C4C28-7B48-4CB7-B1F7-7DC851F4FBE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {CA68E378-4DEF-40EF-81BB-0D206B4BC705} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D8D38B53-2F89-4283-BE51-5197D4ABA789} - \SystemToolsDailyTest -> No File <==== ATTENTION
    AlternateDataStreams: C:\WINDOWS\system32\certsentry.exe_20160503205106:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\coin94.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET380D.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET3C2D.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET3D2C.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\IntcDAud.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\point64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\CrowdInspect.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Desktop\CrowdInspect.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\Me from camera 10 2015.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Desktop\Roberta.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\1.MFL37933576_E.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\1.MFL37933576_E.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\adksetup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\adksetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\ConnectUtility.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\ConnectUtility.exe:$CmdZnID [29]
    AlternateDataStreams: C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\CrowdInspect.zip:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\CrowdInspect.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DBFPlus.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DBFPlus.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Decrap_Setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\delinf_10230.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\delinf_10230.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DellCertFix.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DellCertFix.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\DropboxInstaller(1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\DropboxInstaller(1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\FSViewerSetup53.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\FSViewerSetup53.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\gu5setup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\gu5setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPPSdr.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPPSdr.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\install_flash_player_ics.apk:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\install_flash_player_ics.apk:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\JavaSetup8u60.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\JavaSetup8u60.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jv16pt_setup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\jxpiinstall(1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\jxpiinstall(1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\msert.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\msert.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\nettool_12110.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\nettool_12110.EXE:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\PO-JEK-901172.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\qssetup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\qssetup.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\SmartView2.msi:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\SmartView2.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\win64_153338.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\win64_153338.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\WO-JEK-901172.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\roberta\Downloads\WO-JEK-901172.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE:$CmdZnID [26]

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-217919241-653189731-3087365520-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
    HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value removed successfully
    "HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MVT" => key removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF} => value removed successfully
    InnovativeSolutions_monitor => service removed successfully
    DIRECTIO => service removed successfully
    C:\Users\roberta\AppData\Roaming\Sys11965 DataCollection.dat => moved successfully
    C:\Users\roberta\AppData\Roaming\System413_DataDB.ind => moved successfully
    C:\Users\roberta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\roberta\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\roberta\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\ProgramData\Ament.ini => moved successfully
    C:\ProgramData\hpzinstall.log => moved successfully
    C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
    C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
    C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
    C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully
    C:\Users\roberta\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\roberta\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
    C:\Users\roberta\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
    C:\Users\roberta\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\roberta\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\roberta\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03D296EC-E82E-4D25-B2C2-A611B4E86334}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03D296EC-E82E-4D25-B2C2-A611B4E86334}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06C0ECE9-BE29-4417-B073-84255F24326B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06C0ECE9-BE29-4417-B073-84255F24326B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1310FFB1-C6F7-4186-8018-9B16EB4D0F3A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1310FFB1-C6F7-4186-8018-9B16EB4D0F3A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A7AC3DC-5ED5-4959-910D-EE29755B683A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A7AC3DC-5ED5-4959-910D-EE29755B683A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23BAE091-EC01-4B71-BB84-92AD122E9B40}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23BAE091-EC01-4B71-BB84-92AD122E9B40}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F08FECA-7BF2-4A77-8A62-8A3E11241D33}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F08FECA-7BF2-4A77-8A62-8A3E11241D33}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36C8DC15-AE12-4AAE-9F9C-C2A17856E412}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36C8DC15-AE12-4AAE-9F9C-C2A17856E412}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7870CA20-CC11-47ED-97AD-2DBEE134D936}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7870CA20-CC11-47ED-97AD-2DBEE134D936}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E82575A-0176-4182-8743-B0938AE62C44}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E82575A-0176-4182-8743-B0938AE62C44}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{812A12B0-5040-46D0-B8B0-DCF415560EFB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{812A12B0-5040-46D0-B8B0-DCF415560EFB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9624B71E-990B-4358-8D75-2521F4260743}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9624B71E-990B-4358-8D75-2521F4260743}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A04C46B0-A88E-4CA4-B502-34F22C7BD325}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A04C46B0-A88E-4CA4-B502-34F22C7BD325}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA5C4C28-7B48-4CB7-B1F7-7DC851F4FBE1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA5C4C28-7B48-4CB7-B1F7-7DC851F4FBE1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA68E378-4DEF-40EF-81BB-0D206B4BC705}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA68E378-4DEF-40EF-81BB-0D206B4BC705}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8D38B53-2F89-4283-BE51-5197D4ABA789}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8D38B53-2F89-4283-BE51-5197D4ABA789}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
    C:\WINDOWS\system32\certsentry.exe_20160503205106 => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\coin94.dll => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\dfp.exe => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\DfpCommon.dll => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\SET380D.tmp => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\SET3C2D.tmp => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\SET3D2C.tmp => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\UtcResources.dll => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\Drivers\IntcDAud.sys => ":$CmdTcID" ADS removed successfully.
    C:\WINDOWS\system32\Drivers\point64.sys => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3 => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Desktop\10 - The Rubberband Man.mp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Desktop\CrowdInspect.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Desktop\CrowdInspect.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Desktop\Me from camera 10 2015.jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Desktop\Roberta.jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\01-Jul-2015_to_01-Aug-2015.csv => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\1.MFL37933576_E.pdf => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\1.MFL37933576_E.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3 => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\10 - The Rubberband Man(1).mp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3 => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\20150626_atc_new_research_finds_lonely_people_have_superior_social_skills.mp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\adksetup.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\adksetup.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Antivirus_Free_Edition.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\averywizard_5_0_0_3026_5_en-eu.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\ConnectUtility.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\ConnectUtility.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\CoxBackup-5.1.30.18.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\CrowdInspect.zip => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\CrowdInspect.zip => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\DBFPlus.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\DBFPlus.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Decrap_Setup.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\delinf_10230.EXE => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\delinf_10230.EXE => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\DellCertFix.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\DellCertFix.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Destination Service Request [599905-D1-V1] [BYARS, ROCHELLE] [Service Date_ 9_8_2015] Scott's Packing & Crating - Third Party.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Drag and Drop Backup-2.1.33-prod.msi => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\DropboxInstaller(1).exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\DropboxInstaller(1).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\FastDuplicateFileFinder.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Firefox Setup Stub 39.0.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\FSViewerSetup53.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\FSViewerSetup53.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50 (1).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Glary_Utilities_v5.30.0.50.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Glary_Utilities_v5.32.0.52.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\gu5setup.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\gu5setup.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\HPPSdr.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\HPPSdr.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\HPSupportSolutionsFramework-11.51.0049.msi => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\install_flash_player_ics.apk => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\install_flash_player_ics.apk => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Intel Driver Update Utility Installer.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\JavaSetup8u60.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\JavaSetup8u60.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u51-windows-i586-iftw.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u51-windows-x64.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u60-windows-i586-iftw.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\jre-8u60-windows-x64.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\jv16pt_setup.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\jxpiinstall(1).exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\jxpiinstall(1).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\mbam-setup-2.1.4.1018.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\mbam-setup-2.2.0.1024.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\mbar-1.09.3.1001.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\MFC-7460DN-inst-B1-usa.EXE => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\MFC-7460DN-inst-C1-USA.EXE => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Mozilla_Thunderbird_v38.0.1.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\msert.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\msert.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\nettool_12110.EXE => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\nettool_12110.EXE => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\paint.net.4.0.5.install.zip => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\PhotoScape_V3.6.2.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\PO-JEK-901172(1).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\PO-JEK-901172.pdf => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\PO-JEK-901172.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\qssetup.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\qssetup.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Sales_and_Use_Tax_Return_10-09-14.xls => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\SetPoint6.67.83_smart.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\signature-0.4.0.4.200610221528-fx+tb.xpi => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\SmartView2.msi => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\SmartView2.msi => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\win64_153338.exe => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\win64_153338.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\WO-JEK-901172.pdf => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\WO-JEK-901172.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\X414d5120514552504d5130312020202054fc75212a0ef380.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE => ":$CmdTcID" ADS removed successfully.
    C:\Users\roberta\Downloads\Y10E_C1-gdi-32-D2.EXE => ":$CmdZnID" ADS removed successfully.

    ==== End of Fixlog 08:52:39 ====
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  21. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 91
    Java version 32-bit out of Date!
    Adobe Flash Player 21.0.0.213
    Mozilla Firefox (46.0.1)
    Mozilla Thunderbird (45.0.)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  22. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Farbar Service Scanner Version: 27-01-2016
    Ran by roberta (administrator) on 06-05-2016 at 10:19:14
    Running from "C:\Users\roberta\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  23. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    0 threats found. I assume I am clean? In your opinion, were there any issues?
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Your computer is clean.

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  25. rbruculere

    rbruculere TS Rookie Topic Starter Posts: 22

    Thank you very much, I'll check in once in a while.
    BTW, do you think Windows Defender is good enough protection?
     
