Inactive My wife's Surface will not update

glhglh

Frst 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by garyh (administrator) on DESKTOP-LTKBGIB (20-01-2017 18:53:44)
Running from C:\Users\garyh\Desktop\Virus
Loaded Profiles: garyh (Available Profiles: Betty Hedrick & garyh)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1867856 2016-12-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-13] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {d22ca197-6853-3b75-ae6e-61abbfcd2b7e} => C:\Windows\system32\mscoree.dll [2015-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {0138a222-adbf-38ee-8e6a-dd5a0372addf} => C:\Windows\system32\mscoree.dll [2015-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {c5e7bdc7-07e4-3e5c-a822-ca71eb04c6e0} => C:\Windows\system32\mscoree.dll [2015-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {1ef98ceb-fd57-3a6f-8e77-9d1df46957fd} => C:\Windows\system32\mscoree.dll [2015-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {453f7980-9bd1-31d8-84a4-319628be4045} => C:\Windows\system32\mscoree.dll [2015-10-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b0097c3d-9509-4b57-a3fb-89c5e4285fac}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-131823359-1301760758-2005619473-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nytimes.com/
HKU\S-1-5-21-131823359-1301760758-2005619473-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-20] (Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-20] (Siber Systems Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-20] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-20] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-03-28] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-03-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2016-07-21]

Chrome:
=======
CHR Profile: C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-20]
CHR Extension: (Google Docs) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-20]
CHR Extension: (Google Drive) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-20]
CHR Extension: (YouTube) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-20]
CHR Extension: (Adobe Acrobat) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-20]
CHR Extension: (Google Sheets) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-20]
CHR Extension: (Google Docs Offline) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-20]
CHR Extension: (RoboForm Password Manager) - C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-01-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-07-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [37264 2016-05-23] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3293384 2016-12-25] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [465912 2016-07-14] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [391168 2016-07-14] (Intel Corporation)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-29] (Microsoft Corporation)
S3 MessagingService_36fac; C:\Windows\system32\svchost.exe [43944 2015-10-29] (Microsoft Corporation)
S3 MessagingService_36fac; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-29] (Microsoft Corporation)
S2 OneSyncSvc_36fac; C:\Windows\system32\svchost.exe [43944 2015-10-29] (Microsoft Corporation)
S2 OneSyncSvc_36fac; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-29] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_36fac; C:\Windows\system32\svchost.exe [43944 2015-10-29] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_36fac; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-29] (Microsoft Corporation)
S2 SurfaceService; C:\Windows\system32\SurfaceService.exe [759056 2016-11-20] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-29] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-06-30] (Microsoft Corporation)
R3 UnistoreSvc_36fac; C:\Windows\System32\svchost.exe [43944 2015-10-29] (Microsoft Corporation)
R3 UnistoreSvc_36fac; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-29] (Microsoft Corporation)
R3 UserDataSvc_36fac; C:\Windows\system32\svchost.exe [43944 2015-10-29] (Microsoft Corporation)
R3 UserDataSvc_36fac; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Frst 2:

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-29] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [245760 2016-03-28] (Microsoft Corporation)
R3 CSI2HostControllerDriver; C:\Windows\System32\drivers\CSI2HostControllerDriver.sys [125456 2016-07-16] (Intel(R) Corporation)
R3 iacamera64; C:\Windows\system32\DRIVERS\iacamera64.sys [2133520 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-29] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-29] (Intel Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [83768 2016-01-29] (Windows (R) Win 7 DDK provider)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-01-29] (Intel Corporation)
S3 iaLPSS2_SPI; C:\Windows\System32\drivers\iaLPSS2_SPI.sys [152376 2016-01-29] (Intel Corporation)
S3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281400 2016-01-29] (Intel Corporation)
R3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [217672 2016-06-28] (Intel(R) Corporation)
R3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [648264 2016-06-28] (Intel(R) Corporation)
R3 IntTouch; C:\Windows\System32\drivers\iaPreciseTouch.sys [761352 2016-12-29] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185384 2016-01-29] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1058832 2016-04-22] (Marvell Semiconductors Inc.)
R3 ov5693; C:\Windows\System32\drivers\ov5693.sys [164880 2016-07-16] (Intel(R) Corporation)
R3 ov7251; C:\Windows\System32\drivers\ov7251.sys [156176 2016-07-16] (Intel Corporation)
R3 ov8865; C:\Windows\System32\drivers\ov8865.sys [162320 2016-07-16] (Intel Corporation)
R3 SkcController; C:\Windows\System32\drivers\SkcController.sys [170496 2016-07-16] (Intel(R) Corporation)
R3 supportdriver; C:\Windows\System32\drivers\iaisp64.sys [52752 2016-07-16] (Intel(R) Corporation)
S3 Surface3TypeCoverIntegration; C:\Windows\System32\drivers\Surface3TypeCoverIntegration.sys [46104 2015-09-23] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [70264 2015-09-23] (Microsoft Corporation)
R3 SurfaceButton; C:\Windows\System32\drivers\SurfaceButton.sys [128144 2016-06-28] (Microsoft Corporation)
R3 SurfaceCoSAR; C:\Windows\System32\drivers\SurfaceCoSAR.sys [64656 2016-04-14] (Microsoft Corporation)
R3 SurfaceDigitizerIntegration; C:\Windows\System32\drivers\SurfaceDigitizerIntegration.sys [58504 2015-09-23] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [51344 2015-11-30] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [113944 2016-11-20] (Microsoft Corporation)
S3 SurfacePenClickFilter; C:\Windows\System32\drivers\SurfacePenClickFilter.sys [56984 2015-09-23] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [115592 2016-07-14] (Microsoft Corporation)
S3 SurfacePenIntegration; C:\Windows\System32\drivers\SurfacePenIntegration.sys [61464 2015-09-23] (Microsoft Corporation)
R3 SurfacePro4TypeCoverIntegration; C:\Windows\System32\drivers\SurfacePro4TypeCoverIntegration.sys [59448 2015-09-23] (Microsoft Corporation)
S3 SurfaceSoftwareServicing; C:\Windows\System32\drivers\SurfaceSoftwareServicingDriver.sys [33544 2015-09-23] (Microsoft Corporation)
R3 SurfaceStorageFwUpdate; C:\Windows\System32\drivers\SurfaceStorageFwUpdate.sys [3050768 2017-01-18] (Microsoft Corporation)
R3 SurfaceSystemTelemetryDriver; C:\Windows\System32\drivers\SurfaceSystemTelemetryDriver.sys [64000 2015-09-23] (Microsoft Corporation)
R3 SurfaceTouchServicingML; C:\Windows\System32\drivers\SurfaceTouchServicingML.sys [77584 2016-06-28] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [58896 2015-09-23] (Microsoft Corporation)
S3 SurfaceTypeCoverV3Integration; C:\Windows\System32\drivers\SurfaceTypeCoverV3Integration.sys [44072 2015-09-23] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-29] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 18:53 - 2017-01-20 18:53 - 00000000 ____D C:\FRST
2017-01-20 18:17 - 2017-01-20 18:20 - 00000000 ____D C:\AdwCleaner
2017-01-20 18:15 - 2017-01-20 18:15 - 02915320 _____ (Google) C:\Users\garyh\Downloads\chrome_cleanup_tool.exe
2017-01-20 18:15 - 2017-01-20 18:15 - 01663040 _____ (Malwarebytes) C:\Users\garyh\Downloads\JRT (1).exe
2017-01-20 18:04 - 2017-01-20 18:53 - 00000000 ____D C:\Users\garyh\Desktop\Virus
2017-01-20 18:04 - 2017-01-20 18:04 - 00002339 _____ C:\Users\garyh\Desktop\Google Chrome.lnk
2017-01-20 17:18 - 2017-01-20 17:18 - 00000000 ____D C:\Users\garyh\AppData\Local\PeerDistRepub
2017-01-20 15:57 - 2017-01-20 15:57 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-20 15:56 - 2017-01-20 16:35 - 00000000 ____D C:\Users\garyh\AppData\Local\Box Sync
2017-01-20 15:56 - 2017-01-20 15:56 - 00000000 ____D C:\Users\garyh\AppData\Roaming\Skype
2017-01-20 15:56 - 2017-01-20 15:56 - 00000000 ____D C:\Users\garyh\AppData\Roaming\Epson
2017-01-18 20:01 - 2017-01-18 20:01 - 03050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SurfaceStorageFwUpdate.sys
2017-01-17 22:22 - 2016-12-20 23:18 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-01-17 22:22 - 2016-12-20 21:39 - 22373376 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-17 22:22 - 2016-12-20 21:03 - 18671616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-17 22:22 - 2016-11-22 01:32 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-01-17 22:22 - 2016-11-22 01:24 - 02938408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-01-17 22:22 - 2016-11-22 01:17 - 00106896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-17 22:22 - 2016-11-22 01:16 - 00064072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-01-17 22:22 - 2016-11-22 00:49 - 02195640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-01-17 22:22 - 2016-11-22 00:48 - 01522672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-01-17 22:22 - 2016-11-22 00:47 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-01-17 22:22 - 2016-11-22 00:12 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-01-17 22:22 - 2016-11-21 23:57 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-01-17 22:22 - 2016-11-21 23:54 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppCapture.dll
2017-01-17 22:22 - 2016-11-21 23:41 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2017-01-17 22:22 - 2016-11-21 23:38 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2017-01-17 22:22 - 2016-11-21 23:02 - 24610304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-17 22:22 - 2016-11-21 22:59 - 03671040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-01-17 22:22 - 2016-11-21 22:55 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-01-17 22:22 - 2016-11-21 22:35 - 19350016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-17 22:21 - 2016-12-21 01:01 - 01540224 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-17 22:21 - 2016-12-21 01:01 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-01-17 22:21 - 2016-12-21 00:25 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-01-17 22:21 - 2016-12-20 22:56 - 01502208 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2017-01-17 22:21 - 2016-12-20 21:41 - 04895744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-01-17 22:21 - 2016-12-20 21:15 - 07839232 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-17 22:21 - 2016-12-20 21:06 - 03663872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-01-17 22:21 - 2016-12-20 20:48 - 05658624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-17 22:21 - 2016-11-22 03:42 - 00384864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-01-17 22:21 - 2016-11-22 02:43 - 03692040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-01-17 22:21 - 2016-11-22 02:36 - 00159640 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-17 22:21 - 2016-11-22 02:35 - 00609056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-17 22:21 - 2016-11-22 02:35 - 00075448 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-01-17 22:21 - 2016-11-22 02:04 - 02549456 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-01-17 22:21 - 2016-11-22 02:03 - 01777280 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-01-17 22:21 - 2016-11-22 02:02 - 01399216 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-01-17 22:21 - 2016-11-22 01:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-01-17 22:21 - 2016-11-22 01:13 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-01-17 22:21 - 2016-11-22 01:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-01-17 22:21 - 2016-11-22 00:59 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-17 22:21 - 2016-11-22 00:55 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2017-01-17 22:21 - 2016-11-22 00:50 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2017-01-17 22:21 - 2016-11-22 00:35 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-01-17 22:21 - 2016-11-22 00:32 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-17 22:21 - 2016-11-22 00:27 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-01-17 22:21 - 2016-11-22 00:20 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-01-17 22:21 - 2016-11-22 00:04 - 03587584 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-17 22:21 - 2016-11-21 23:53 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-01-17 22:21 - 2016-11-21 23:36 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-01-17 22:21 - 2016-11-21 23:26 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-17 22:21 - 2016-11-21 23:26 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-01-17 22:21 - 2016-11-21 23:21 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-01-17 22:21 - 2016-11-21 23:01 - 13392384 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-01-17 22:21 - 2016-11-21 22:34 - 12134400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 18:53 - 2016-06-17 16:57 - 00000000 ____D C:\Windows\AppReadiness
2017-01-20 18:52 - 2016-07-20 15:57 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-01-20 18:52 - 2016-06-17 16:13 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 18:52 - 2016-06-17 16:07 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-20 18:21 - 2016-06-17 16:57 - 00000000 ____D C:\Windows\system32\sru
2017-01-20 18:04 - 2016-07-21 11:18 - 00000000 ____D C:\Users\garyh\AppData\Local\Google
2017-01-20 17:57 - 2016-06-17 16:57 - 00000000 ____D C:\Windows\rescache
2017-01-20 17:50 - 2016-02-11 16:49 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 17:44 - 2016-08-12 02:17 - 00040190 _____ C:\Windows\system32\OV7251_FRONT.aiqd
2017-01-20 17:44 - 2016-06-17 16:48 - 00786432 ___SH C:\Windows\system32\config\BBI
2017-01-20 17:25 - 2016-06-17 17:03 - 00000000 ___DC C:\Windows\Panther
2017-01-20 17:14 - 2016-07-21 14:47 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-20 17:13 - 2016-11-21 03:31 - 00000000 ___HD C:\$WINDOWS.~BT
2017-01-20 17:13 - 2016-06-17 16:57 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-20 17:03 - 2016-06-17 16:04 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-20 16:18 - 2016-07-20 16:02 - 00000000 ____D C:\Windows\Firmware
2017-01-20 16:15 - 2016-07-21 11:52 - 00017886 _____ C:\Windows\PFRO.log
2017-01-20 16:15 - 2016-06-17 16:04 - 00348344 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-20 16:11 - 2016-06-17 16:57 - 00000000 ____D C:\Windows\system32\oobe
2017-01-20 16:07 - 2016-07-21 11:18 - 00000000 ____D C:\Users\garyh\AppData\Local\Packages
2017-01-20 16:06 - 2016-06-17 16:04 - 00008781 _____ C:\Windows\setupact.log
2017-01-20 15:57 - 2016-07-21 11:22 - 00002370 _____ C:\Users\garyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 15:57 - 2016-07-21 11:22 - 00000000 ___RD C:\Users\garyh\OneDrive
2017-01-18 00:29 - 2016-07-20 19:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-17 23:31 - 2016-07-20 16:03 - 00000000 ____D C:\Users\Betty Hedrick\AppData\Local\Packages
2017-01-17 23:06 - 2016-07-20 17:57 - 00000000 ____D C:\Windows\system32\MRT
2017-01-17 23:06 - 2016-06-17 16:53 - 00000000 ____D C:\Windows\CbsTemp
2017-01-17 23:05 - 2016-07-20 17:57 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-17 22:56 - 2016-07-21 14:47 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-17 22:48 - 2016-07-21 14:48 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-17 22:36 - 2016-07-20 19:16 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-17 22:30 - 2016-07-20 19:15 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-17 22:30 - 2016-07-20 19:15 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-17 22:25 - 2016-07-21 16:16 - 00000000 ___RD C:\Users\Betty Hedrick\Box Sync
2016-12-29 22:07 - 2016-06-17 17:03 - 00761352 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaPreciseTouch.sys
2016-12-22 14:48 - 2016-06-17 16:58 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-22 14:48 - 2016-06-17 16:58 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
C:\Users\Betty Hedrick\AppData\Local\Temp\AdobeApplicationManager.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-01-18 00:31

==================== End of FRST.txt ============================
 
Addition 1:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by garyh (2017-01-20 18:54:07)
Running from C:\Users\garyh\Desktop\Virus
Windows 10 Pro (X64) (2016-07-20 23:59:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-131823359-1301760758-2005619473-500 - Administrator - Disabled)
Betty Hedrick (S-1-5-21-131823359-1301760758-2005619473-1001 - Administrator - Enabled) => C:\Users\Betty Hedrick
DefaultAccount (S-1-5-21-131823359-1301760758-2005619473-503 - Limited - Disabled)
garyh (S-1-5-21-131823359-1301760758-2005619473-1002 - Administrator - Enabled) => C:\Users\garyh
Guest (S-1-5-21-131823359-1301760758-2005619473-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30280 - Adobe Systems Incorporated)
Box Sync (HKLM\...\{5C15714C-1956-47D4-9C1D-452CC2C2C10B}) (Version: 4.0.7724.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.7571.0 - Box Inc.) Hidden
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Laser App Enterprise (HKLM-x32\...\Laser App Enterprise) (Version: 11.0.0.18 - Laser App Software Inc.)
Laser App Enterprise (x32 Version: 11.0.0.18 - Laser App Software Inc.) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-131823359-1301760758-2005619473-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2102 - Microsoft Corporation) Hidden
RoboForm 7-9-19-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-19-7 - Siber Systems)
VueScan x64 (HKLM\...\VueScan x64) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-131823359-1301760758-2005619473-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\garyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:24 - 2015-10-29 23:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C78AD10-D832-4DD2-B220-5DCD11BBB828} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {10B0CB70-1AC0-4A7A-85D0-ADF623918F29} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Retry => C:\Windows\system32\ProvTool.exe [2016-02-11] (Microsoft Corporation)
Task: {13DDFD34-0264-41FE-8C1B-E99F0CF05D1B} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-29] (Microsoft Corporation)
Task: {17478B22-6B8C-4E28-9DA5-C0B10EB55B46} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {23E92897-46A4-4873-B83C-3E41633A4C9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {282CDB41-12C5-4038-AB83-C8F3B9FD6331} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {2B5913A1-D51C-4CA1-ACAD-DF16C7F398EA} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-07-20] (Siber Systems)
Task: {313B9D46-65EA-4F77-91E6-B67EA6226DA3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {420CD5B2-5579-4755-8CA3-587C7CC690A7} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {4E098BB2-33D8-4FEF-8B42-733EA845299C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-20] (Google Inc.)
Task: {58A13A78-5F50-4257-A377-676DBA1FEEF1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-04] (Microsoft Corporation)
Task: {66B87219-22D8-4AC3-9416-037E996A4E2C} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {7354A2E9-F5E8-4A0C-8609-B75603EDD329} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-02-11] (Microsoft Corporation)
Task: {74916AB9-D16A-471B-8B7D-B373454EE0EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-20] (Google Inc.)
Task: {7E97E9F1-CB10-456B-858B-D0FD4C23F26D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {92B16A46-FC6C-4AF7-95A4-5B2A3F66A2AA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-04] (Microsoft Corporation)
Task: {9940B47E-A0BE-4F99-B9DF-8A97D406A3BC} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {A37C962D-82B8-4686-8702-9A455CEA8252} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {A6B09E1C-DEA0-4CC5-BF48-018A7648803F} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {A99B2380-4D9D-4945-80C8-BDB4E3923E33} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {B4566BCA-AB32-4F3B-87DC-00558B75FFD2} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {BA36FE17-F4E2-4CBE-AAC2-4EB3ED176D30} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
Task: {BF8144AF-149B-42DC-ACE8-2B7B673448F7} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C7F1ADB2-6DAC-416A-B4EA-EF51377C0E1F} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {D198EE1F-E169-418D-AA52-0790ECBB1835} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {D7313745-CF61-4E68-B82A-0FDB613BF8ED} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-29] (Microsoft Corporation)
Task: {DA96CA65-5E2B-4D2C-8B15-28F9D7E42711} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {DF905164-6511-4D7F-BB34-B37BA38D3DAD} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...MMMLMFMOMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {E169DF3E-932C-46E5-80F3-49DFF580A82B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-03] (Microsoft Corporation)
Task: {F9BD15D3-EFA9-44A4-AF84-5AA2A609645E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {FD676CD4-1480-4DF5-9CEF-6AF4FFF9AEDA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {FD7124CE-48D4-46C9-A30A-AC8EDEB15856} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:17 - 2015-10-29 23:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-11-08 16:01 - 2016-10-25 01:42 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-08 16:01 - 2016-10-25 01:42 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-01-20 15:56 - 2017-01-20 15:56 - 01678560 _____ () C:\Users\garyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-07-20 19:12 - 2016-12-25 12:14 - 08923848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-11 16:36 - 2016-02-11 16:36 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-20 17:57 - 2016-06-30 19:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 16:02 - 2016-10-24 20:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 16:01 - 2016-10-24 20:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 16:02 - 2016-10-24 20:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 16:01 - 2016-10-24 20:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-20 19:07 - 2016-07-20 19:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-29 23:18 - 2015-10-29 23:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-07-20 19:07 - 2016-07-20 19:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-20 19:07 - 2016-07-20 19:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-01-20 15:56 - 2017-01-20 15:56 - 01244376 _____ () C:\Users\garyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Epson Software:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Laser App Enterprise:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-131823359-1301760758-2005619473-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\garyh\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\853_10151767637662483_491472491_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9E31F9CD-B962-4073-A7CD-2E58312FFF22}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{755AF69E-E162-4F74-8D68-1C00FD0B4771}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{37F3B1FF-B929-4D4F-97A1-2CE0260DDE7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A0D3E88F-A26D-4CDD-8135-FE9F6B440986}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{37650C3F-E919-46B4-AC4F-E295C08DC670}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{5B14B3D6-0639-4084-8DB6-2A609C5E6A24}C:\windows\system32\wuapihost.exe] => (Allow) C:\windows\system32\wuapihost.exe
FirewallRules: [UDP Query User{4DF93840-E632-4650-B4A1-F3C9D494807E}C:\windows\system32\wuapihost.exe] => (Allow) C:\windows\system32\wuapihost.exe
FirewallRules: [{4292D7BD-2422-4166-BF19-6BBE25D24FD4}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{2867944E-4D93-4101-963F-C48A4515E47D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{FC7CFF6F-F52B-41A6-A0F0-DB68B31D56F5}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{6CEAE6D3-1F81-4069-BFCF-EBB1A6FB9923}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [TCP Query User{72E56DD7-37BD-4683-BA6B-E74DCDAEF55E}C:\users\betty hedrick\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betty hedrick\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7C8D8370-A6F0-4888-B885-3C31756572F8}C:\users\betty hedrick\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betty hedrick\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E8A3D68C-3DE8-4002-BD9C-D4F6573FC2C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2017 05:57:01 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered
].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}
Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}
Snapshot Context: -1
Snapshot Context: -1
Execution Context: Coordinator

Error: (01/20/2017 05:57:01 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered
].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}
Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}
Snapshot Context: -1
Snapshot Context: -1
Execution Context: Coordinator

Error: (01/20/2017 05:13:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/18/2017 08:16:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_OneSyncSvc_1df241, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: SYNCUTIL.dll, version: 10.0.10586.672, time stamp: 0x580efc78
Exception code: 0xe0464645
Fault offset: 0x00000000000160d0
Faulting process id: 0x11c4
Faulting application start time: 0xsvchost.exe_OneSyncSvc_1df2410
Faulting application path: svchost.exe_OneSyncSvc_1df2411
Faulting module path: svchost.exe_OneSyncSvc_1df2412
Report Id: svchost.exe_OneSyncSvc_1df2413
Faulting package full name: svchost.exe_OneSyncSvc_1df2414
Faulting package-relative application ID: svchost.exe_OneSyncSvc_1df2415

Error: (01/18/2017 02:50:39 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)

Error: (01/18/2017 02:50:39 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)

Error: (01/18/2017 02:50:39 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: LockedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\Betty Hedrick\Box Sync\Personal\70273'.

Error: (01/18/2017 02:50:39 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: LockedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\Betty Hedrick\Box Sync\Personal\Ben'.

Error: (01/18/2017 01:06:29 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered
].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}
Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}
Snapshot Context: -1
Snapshot Context: -1
Execution Context: Coordinator

Error: (01/18/2017 01:06:29 AM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered
].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}
Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}
Snapshot Context: -1
Snapshot Context: -1
Execution Context: Coordinator


System errors:
=============
Error: (01/20/2017 06:20:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_13d40d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/20/2017 06:20:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_13d40d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/20/2017 06:20:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_13d40d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/20/2017 06:20:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_13d40d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/20/2017 06:20:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/20/2017 06:19:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/20/2017 06:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Surface Integration Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/20/2017 06:19:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/20/2017 06:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/20/2017 06:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-01-20 17:25:12.219
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-20 16:16:31.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-18 00:30:06.205
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-17 23:24:03.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-17 23:24:03.252
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-17 22:13:59.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-21 17:16:38.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 20:14:26.081
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 16:55:29.371
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 08:23:27.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6650U CPU @ 2.20GHz
Percentage of memory in use: 13%
Total physical RAM: 16310.14 MB
Available physical RAM: 14171.8 MB
Total Virtual: 18742.14 MB
Available Virtual: 16798.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.74 GB) (Free:410.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 8BE8A9BC)

Partition: GPT.

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================

We can run a couple of scans, but I don't see much there.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on the Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Rogue Killer:
I couldn't figure out if I should have checked the boxes and deleted:

RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : garyh [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/20/2017 19:42:54 (Duration : 00:15:42)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-131823359-1301760758-2005619473-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.nytimes.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-131823359-1301760758-2005619473-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.nytimes.com/ -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: NVMe SAMSUNG MZFLV512 +++++
--- User ---
[MBR] 936aefa5f32b0cd7df11a2fd9aecc961
[BSP] ec7307f3b39ea5f6a9c3ef3a5f9d68a6 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 487157 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998494208 | Size: 840 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
Mbites:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/20/17
Scan Time: 8:09 PM
Logfile: Malware.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1068
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-LTKBGIB\garyh

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402156
Time Elapsed: 1 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.MindSpark, C:\USERS\BETTY HEDRICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, Quarantined, [342], [240306],1.0.1068
PUP.Optional.MindSpark, C:\USERS\BETTY HEDRICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, Quarantined, [342], [240306],1.0.1068
PUP.Optional.MindSpark, C:\USERS\BETTY HEDRICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, Quarantined, [342], [240305],1.0.1068
PUP.Optional.MindSpark, C:\USERS\BETTY HEDRICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, Quarantined, [342], [240305],1.0.1068

Physical Sector: 0
(No malicious items detected)


(end)
 
Adware:

# AdwCleaner v6.042 - Logfile created 20/01/2017 at 20:21:18
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-20.2 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : garyh - DESKTOP-LTKBGIB
# Running from : C:\Users\garyh\Desktop\Virus\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\garyh\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1670 Bytes] - [20/01/2017 18:20:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [1052 Bytes] - [20/01/2017 20:21:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [1708 Bytes] - [20/01/2017 18:18:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [1449 Bytes] - [20/01/2017 20:21:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1271 Bytes] ##########
 
Nothing serious there.

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
Jrt unable to create restore point:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by garyh (Administrator) on Fri 01/20/2017 at 20:29:38.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/20/2017 at 20:31:20.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 