Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Molly Poole (administrator) on POOLE-PC (09-02-2016 21:10:56)
Running from D:\Users\Molly Poole\Desktop
Loaded Profiles: Molly Poole & Molly (Available Profiles: Molly Poole & Molly)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Malwarebytes) D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINEE.EXE
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINEE.EXE
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files (x86)\Spellex\Spellex Dictation\spxsr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\Users\Molly Poole\Desktop\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Spellex] => C:\Program Files (x86)\Spellex\Spellex Dictation\spxsr.exe [53760 2015-02-12] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343854479-873069186-2863876452-1003\...\Run: [moveuser] => C:\Windows\iansyst\imoveuser.exe [293213 2013-07-30] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{139019A9-051D-4E9B-8DE0-B85849599CA1}: [DhcpNameServer] 192.168.5.253
Tcpip\..\Interfaces\{E290C363-028E-443D-B7BF-CFA28FF92AE5}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk
HKU\S-1-5-21-1343854479-873069186-2863876452-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
HKU\S-1-5-21-1343854479-873069186-2863876452-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk
HKU\S-1-5-21-1343854479-873069186-2863876452-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk
URLSearchHook: [S-1-5-21-1343854479-873069186-2863876452-1003] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-12-14] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_03¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDzztBtD0BtC0DzzyD0D0C0DtByDyDtBtN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtCyByB0DyByEtGyByC0A0AtG0B0EyBtDtGtC0F0AtBtG0B0CyBzztB0FtC0F0DtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytD0BtBtByD0B0BtGyEtA0BtCtGyEyCyE0AtGzzzy0BtCtGzz0B0B0A0DtD0E0C0F0E0Czz2QtN0A0LzutB%26cr%3D167945445%26a%3Dwncy_mdaffmarmarie_16_03%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/","hxxp://www.uea.ac.uk/is/portal","hxxp://en-gb.facebook.com/"
CHR Profile: C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-14]
CHR Extension: (Google Docs) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-31]
CHR Extension: (AdBlock) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-02-09]
CHR Extension: (Nebula) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok [2016-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-14]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-01-31]
CHR Extension: (Gmail) - C:\Users\Molly Poole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-17] (Intel Corporation)
R2 MBAMScheduler; D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; D:\Users\Molly Poole\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-08-04] (Realtek Semiconductor)
S2 SpxDictService; C:\Program Files (x86)\Spellex\Spellex Dictation\SpxDictService.exe [17920 2015-02-12] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-11] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [41472 2014-01-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-10-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-10-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-15] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3556056 2014-10-28] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-11] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-10-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-10-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-10-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-09 17:35 - 2016-02-09 17:35 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-09 16:44 - 2016-02-09 17:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-09 16:44 - 2016-02-09 16:44 - 00000674 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-09 16:44 - 2016-02-09 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-09 16:44 - 2016-02-09 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-09 16:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-09 16:44 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-09 16:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-09 15:44 - 2016-02-09 15:48 - 00000000 ____D C:\AdwCleaner
2016-02-09 14:28 - 2016-02-09 14:28 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-09 11:48 - 2016-02-09 21:10 - 00000000 ____D C:\FRST
2016-01-31 19:25 - 2016-02-05 13:33 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-28 20:46 - 2016-01-28 20:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-22 18:57 - 2016-01-22 18:57 - 00000000 ____D C:\ProgramData\Unchecky
2016-01-19 12:50 - 2016-01-19 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonocent Audio Notetaker
2016-01-19 12:50 - 2016-01-19 12:50 - 00000000 ____D C:\Program Files (x86)\Sonocent
2016-01-12 22:03 - 2015-12-10 00:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 22:03 - 2015-11-17 21:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 22:03 - 2015-11-17 21:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 20:54 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 20:54 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 20:54 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 20:54 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 20:54 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 20:54 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 20:54 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 20:54 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-12 20:54 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 20:54 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 20:54 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 20:54 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 20:54 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-12 20:54 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 20:54 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 20:54 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 20:54 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 20:54 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 20:54 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 20:54 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 20:54 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 20:53 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 20:53 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 20:53 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 20:53 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 20:53 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 20:53 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 20:53 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-12 20:53 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 20:53 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-12 20:53 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 20:53 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-12 20:53 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 20:53 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-12 20:53 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 20:53 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 20:53 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 20:53 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 20:53 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 20:53 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 20:53 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 20:53 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-12 20:53 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 20:53 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 20:53 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 20:53 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 20:53 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 20:53 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 20:53 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-12 20:53 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 20:53 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 20:53 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 20:53 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 20:53 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 20:53 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 20:53 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 20:53 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 20:53 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 20:52 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 20:52 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-09 18:21 - 2015-12-08 09:24 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1343854479-873069186-2863876452-1002
2016-02-09 17:39 - 2015-12-14 13:39 - 00000937 _____ C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {3F135F97-7E6C-46D6-BBA8-E64BB4DD38C1}.job
2016-02-09 17:38 - 2015-12-14 13:38 - 00000937 _____ C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {178A5127-B7E2-4709-B44E-4F2F52BA4C65}.job
2016-02-09 17:31 - 2015-10-07 13:32 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-09 17:25 - 2015-12-08 11:54 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D813D5A7-8FB5-485D-B469-BE69E474CFFF}
2016-02-09 17:19 - 2015-12-14 14:01 - 00000000 __RDO C:\Users\Molly Poole\OneDrive
2016-02-09 17:18 - 2015-10-07 13:32 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-09 17:18 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-09 17:01 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\Inf
2016-02-09 16:57 - 2015-12-08 09:17 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Packages
2016-02-09 15:49 - 2013-08-22 13:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-02-09 10:04 - 2015-12-08 10:21 - 00000000 ____D C:\ProgramData\TEMP
2016-02-07 20:32 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-05 13:37 - 2015-12-08 10:47 - 00003108 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1343854479-873069186-2863876452-1002
2016-02-05 13:33 - 2015-10-07 13:32 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-05 13:27 - 2015-12-08 11:20 - 00000000 ____D C:\ProgramData\Claro Software
2016-02-04 13:39 - 2015-10-07 11:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-02 04:26 - 2015-10-07 13:32 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 04:26 - 2015-10-07 13:32 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 15:04 - 2015-12-08 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro Software
2016-02-01 15:04 - 2015-12-08 11:20 - 00000000 ____D C:\Program Files (x86)\Claro Software
2016-02-01 15:03 - 2015-12-08 11:21 - 00000000 ____D C:\ProgramData\regid.2004-06.com.clarosoftware
2016-02-01 13:14 - 2015-12-08 09:18 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Google
2016-01-28 20:46 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-28 20:46 - 2013-08-22 15:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-28 20:45 - 2015-12-08 10:30 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-24 23:10 - 2015-12-08 09:17 - 00000000 ____D C:\Users\Molly Poole
2016-01-24 20:00 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-22 21:29 - 2015-12-14 21:42 - 00000000 ____D C:\Users\Molly Poole\AppData\Local\Adobe
2016-01-22 18:10 - 2015-12-08 10:17 - 00000000 ____D C:\ProgramData\Nuance
2016-01-22 14:12 - 2015-12-08 10:24 - 00000000 ____D C:\Users\Molly Poole\AppData\Roaming\Apple Computer
2016-01-22 14:12 - 2014-11-22 01:00 - 00992588 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 13:41 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2016-01-19 12:50 - 2015-12-08 10:30 - 00002457 _____ C:\Users\Public\Desktop\Sonocent Audio Notetaker.lnk
2016-01-19 12:00 - 2015-12-08 11:55 - 00001235 _____ C:\Users\Molly Poole\AppData\Roaming\SAS7_000.DAT
2016-01-18 22:07 - 2015-10-07 13:33 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-18 22:06 - 2015-10-07 13:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 21:41 - 2015-10-07 11:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 21:41 - 2015-10-07 11:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 21:40 - 2015-10-07 13:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 21:40 - 2014-11-22 05:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 18:21 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 18:20 - 2015-10-07 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 18:17 - 2015-10-07 13:00 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 18:14 - 2015-10-07 13:00 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-12-08 11:55 - 2016-01-19 12:00 - 0001235 _____ () C:\Users\Molly Poole\AppData\Roaming\SAS7_000.DAT
Some files in TEMP:
====================
C:\Users\Molly Poole\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-05 17:12
==================== End of FRST.txt ============================