Something is not right



#1
starter005

I'm having issues with my PC. I have a Dell [email protected] with 8GB RAM x64 running Win 10. It just doesn't seem to be working right. Today I went on and my taskbar at the bottom of the screen had no icons and I had to reboot a couple of times before they showed up. I've also been having a lot of trouble with Yahoo crashing in Microsoft Edge as well as Yahoo mail freezing. I ran all my anti viral and Malware programs but nothing shows.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by start_000 (administrator) on RALPH (17-02-2016 12:23:40)
Running from C:\Users\start_000\Desktop
Loaded Profiles: start_000 (Available Profiles: start_000 & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-01-29 09:09 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-01-29 09:09 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2016-01-29 09:09 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2016-01-29 09:09 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-01-29 09:09 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-01-29 09:09 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-01-29 09:09 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-01-29 09:09 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-01-29 09:09 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-01-29 09:09 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-01-29 09:09 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-01-29 09:09 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-01-29 09:09 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll 2016-01-29 09:09 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2016-01-29 09:09 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll 2016-01-29 09:09 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-01-29 09:09 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll 2016-01-29 09:09 - 2016-01-16 00:41 - 00055296 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-01-29 09:09 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll 2016-01-29 09:09 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2016-01-29 09:09 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe 2016-01-29 09:09 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2016-01-29 09:09 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-01-29 09:09 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-01-29 09:09 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll 2016-01-29 09:09 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll 2016-01-29 09:09 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-01-29 09:09 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-01-29 09:09 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-01-29 09:09 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-01-29 09:09 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-01-29 09:09 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2016-01-29 09:09 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-01-29 09:09 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll 2016-01-29 09:09 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2016-01-29 09:09 - 2016-01-16 00:35 - 13018624 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-01-29 09:09 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-01-29 09:09 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll 2016-01-29 09:09 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-01-29 09:09 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-01-29 09:09 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2016-01-29 09:09 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-01-29 09:09 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll 2016-01-29 09:09 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2016-01-29 09:09 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2016-01-29 09:09 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-01-29 09:09 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2016-01-29 09:09 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2016-01-29 09:09 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-01-29 09:09 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-01-29 09:09 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-01-29 09:09 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-01-29 09:09 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe 2016-01-29 
09:09 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-01-29 09:09 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-01-29 09:09 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-01-29 09:09 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll 2016-01-29 09:09 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll 2016-01-29 09:09 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-01-29 09:09 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-01-29 09:09 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-01-29 09:09 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-01-29 09:09 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2016-01-29 09:09 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll 2016-01-29 09:09 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-01-29 09:09 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-01-29 09:09 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-01-29 09:09 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll 2016-01-29 09:09 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-01-29 09:09 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2016-01-29 09:09 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-01-29 
09:09 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-01-29 09:09 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-01-29 09:09 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-01-29 09:09 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-01-29 09:09 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-01-29 09:09 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-01-29 09:09 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-01-29 09:09 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-01-29 09:09 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-01-29 09:09 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-01-29 09:09 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-01-29 09:09 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2016-01-29 09:09 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-01-29 09:09 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-01-29 09:09 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-01-29 09:09 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-01-29 09:09 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2016-01-29 09:09 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-01-29 09:09 - 2016-01-16 00:16 - 05202944 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-01-29 09:09 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2016-01-29 09:09 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-01-29 09:09 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-01-29 09:09 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-01-29 09:09 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-01-26 09:15 - 2016-01-26 09:15 - 06828320 _____ (Piriform Ltd) C:\Users\start_000\Downloads\ccsetup514.exe 2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken.pdf 2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken (2).pdf 2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken (1).pdf 2016-01-21 07:32 - 2016-01-21 07:32 - 41171496 _____ (IObit ) C:\Users\start_000\Downloads\advanced-systemcare-setup.exe 2016-01-19 09:18 - 2016-02-05 17:16 - 00000000 ____D C:\Users\start_000\Desktop\Upstate NY Pics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-02-17 12:24 - 2014-12-22 11:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-17 12:18 - 2014-08-08 14:54 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B596711-D62E-4C9A-A60C-AE56F81F2B11} 2016-02-17 11:59 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-17 11:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-17 11:52 - 2014-03-11 15:44 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI 2016-02-16 15:12 - 2015-11-23 16:11 - 00917148 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-16 15:12 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF 2016-02-16 13:49 - 2015-11-23 15:58 - 00000000 ____D C:\Users\start_000 2016-02-16 13:49 - 2014-07-22 13:58 - 00000000 __SHD C:\Users\start_000\IntelGraphicsProfiles 2016-02-16 13:48 - 2015-11-23 16:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-15 10:02 - 2015-11-23 08:13 - 00000000 ___RD C:\Users\start_000\Desktop\Performance 2016-02-15 08:55 - 2015-11-13 16:02 - 00000000 ____D C:\AdwCleaner 2016-02-15 08:51 - 2013-12-05 12:58 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-15 08:49 - 2015-10-22 14:41 - 00000000 ____D C:\Program Files (x86)\IObit 2016-02-15 08:49 - 2014-12-22 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-02-15 08:48 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-15 08:48 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-02-15 08:45 - 2015-03-22 09:07 - 00000000 ____D C:\ProgramData\ProductData 2016-02-15 08:43 - 2015-03-22 09:07 - 00000000 ____D C:\ProgramData\IObit 2016-02-14 10:27 - 2015-11-23 18:51 - 00000000 ___DC C:\WINDOWS\Panther 2016-02-14 10:27 - 2014-03-11 19:44 - 00057728 _____ C:\WINDOWS\diagwrn.xml 2016-02-14 10:27 - 2014-03-11 19:44 - 00055848 _____ C:\WINDOWS\diagerr.xml 2016-02-13 16:19 - 2014-07-23 03:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-02-12 09:34 - 
2014-03-11 17:31 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-12 09:31 - 2014-03-11 17:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-10 17:01 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-09 11:30 - 2014-07-23 03:17 - 00000000 ____D C:\Program Files\Java 2016-02-09 11:29 - 2015-08-21 14:17 - 00000000 ____D C:\Users\start_000\.oracle_jre_usage 2016-02-09 11:29 - 2014-03-11 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-09 11:24 - 2015-06-12 18:10 - 00000000 ____D C:\Users\start_000\Documents\My Filehippo Downloads 2016-02-08 10:14 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\VirtualStore 2016-02-07 10:36 - 2014-07-22 18:27 - 00000000 ___RD C:\Users\start_000\OneDrive 2016-02-06 14:11 - 2014-12-27 09:07 - 00000000 ____D C:\Users\start_000\Downloads\Intel Components 2016-02-06 14:04 - 2015-11-23 15:58 - 00000000 ____D C:\Users\DefaultAppPool 2016-02-05 17:19 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\Packages 2016-02-05 08:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration 2016-02-05 08:24 - 2014-12-17 15:24 - 00000000 ____D C:\Users\start_000\AppData\Local\ElevatedDiagnostics 2016-02-04 09:05 - 2015-01-11 09:42 - 00000000 ____D C:\ProgramData\AVAST Software 2016-02-02 09:04 - 2014-03-11 16:01 - 00000000 ____D C:\ProgramData\Package Cache 2016-02-02 09:03 - 2015-11-07 16:00 - 00000000 ____D C:\Program Files (x86)\Garmin 2016-01-31 10:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache 2016-01-30 10:13 - 2015-11-09 15:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-01-30 
10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-01-30 10:04 - 2014-11-26 13:50 - 00000178 _____ C:\Users\start_000\Desktop\Yahoo.url 2016-01-29 09:03 - 2014-12-22 10:55 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-29 09:03 - 2014-12-22 10:55 - 00001228 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-01-26 09:16 - 2015-12-21 09:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-01-22 13:02 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-22 13:01 - 2014-03-12 15:25 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-01-21 07:33 - 2015-03-22 09:07 - 00000000 ____D C:\Users\start_000\AppData\Roaming\IObit 2016-01-19 08:03 - 2015-11-23 15:58 - 00000000 ____D C:\Users\Ralph 2016-01-19 08:03 - 2015-11-23 15:58 - 00000000 ____D C:\Users\Administrator ==================== Files in the root of some directories ======= 2014-07-22 16:09 - 2014-07-22 16:09 - 0000017 _____ () C:\Users\start_000\AppData\Local\resmon.resmoncfg 2013-10-09 14:46 - 2013-10-09 14:46 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-10-09 14:43 - 2013-10-09 14:43 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-10-09 14:43 - 2013-10-09 14:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-10-09 14:42 - 2013-10-09 14:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-10-09 14:45 - 2013-10-09 14:46 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-13 09:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by start_000 (2016-02-17 12:24:29)
Running from C:\Users\start_000\Desktop
Windows 10 Home (X64) (2015-11-23 21:20:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4239315751-2608994865-2960470113-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4239315751-2608994865-2960470113-503 - Limited - Disabled)
Guest (S-1-5-21-4239315751-2608994865-2960470113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4239315751-2608994865-2960470113-1007 - Limited - Enabled)
start_000 (S-1-5-21-4239315751-2608994865-2960470113-1008 - Administrator - Enabled) => C:\Users\start_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Brother Product Research and Support Program (HKLM-x32\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.1.0002 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.50.0 - Conexant)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4412.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM-x32\...\{B0E895EC-AF4D-48EB-A03B-18DA8ACF5F9A}) (Version: 1.6.0.0 - Digital Advertising Alliance)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Driver Update Utility 2.2.0.6 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0AE30774-2E87-4745-8D50-C923A8791957} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {16777BE2-E394-4E04-85C6-751F5A790E48} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION Task: {1F0B65C1-3AF0-492C-8391-7153CF34B6D7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation) Task: {2366C53B-764F-4A67-96E0-374D1BAA0F0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {3F66089B-EF64-45AF-AA9D-1D7161B4782A} - \ProPCCleaner_Start -> No File <==== ATTENTION Task: {416C35DB-11E1-416B-BB02-D43ACA7B80AF} - System32\Tasks\SafeZone scheduled Autoupdate 1454594977 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software) Task: {43706976-862E-470D-A13D-F89954D98F51} - \SystemToolsDailyTest -> No File <==== ATTENTION Task: {468AF792-E386-481A-8CEF-A2B8F84ABC49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {47F550B7-EDF7-4828-9C2A-907D8E694CCD} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe Task: {4EFC3408-8DC0-48FE-9322-B9210341B79F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation) Task: {504BD9DC-D44A-4B7C-9A29-2D62386F14AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation) Task: {506E8EA5-3088-46D8-A599-475966FE7BC4} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-04] (AVAST Software) Task: {51B2365D-1F26-43B0-9AFB-38DC6F9000E5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {568D2607-2E95-4D32-82E0-0BC464E51599} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION Task: {5C1E17B6-33A6-4B92-85A1-08BF5196D5F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {5D277F32-B4A8-4C34-AD42-B65329D0630C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {69144A40-0124-430B-B3F8-B22DCE590922} - \ProPCCleaner_Popup -> No File <==== ATTENTION Task: {6C71B6A5-9904-484E-93D6-0B8537CCA0D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {71C9B2DE-7999-4745-B97B-A5399F3AB7F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {7964398A-221B-4809-AC53-40ED00D8ED85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd) Task: {7F7B6BB1-A4ED-4587-95BF-1343A39A74B7} - \ProfessionalCleaningSoftware_Start -> No File <==== ATTENTION Task: {8080D58F-F969-48BD-9B6E-EA6DFA8CFD76} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {8C726201-EFB2-45A5-8213-3ED0C8E42C15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {8E9C390E-B679-44BC-975F-8E9954E01EFC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {96C39582-E10C-4B38-BA54-2CE39A50A06B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation) Task: {9DAC99AF-40EB-4E23-B19B-F5E8D748B054} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: 
{A2791BBA-30B1-4CF1-8DA8-3B7E91892AC0} - \PCDEventLauncherTask -> No File <==== ATTENTION Task: {AC7A934C-97E9-4D72-BCE7-C9235A09283D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] () Task: {B357D940-DADB-41F4-AAB1-2F0833166F51} - System32\Tasks\PocketCloud => C:\Program Task: {BCC5E87D-2245-47E2-B38C-1DBCC5C8AE05} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {CBECAE10-CCB7-4E4B-8994-FF26BDE300C2} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe Task: {CEE6A43F-6131-4E7E-AF16-356FCE6F3105} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation) Task: {CFC78AED-C551-4E41-975A-6071343F4BE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {D980C5EA-9D4A-498A-AA76-F972309D9970} - System32\Tasks\PocketCloudUpdater => C:\Program Task: {EE05D4C9-6234-4612-8442-C9CE60CD2F75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-01-22 12:58 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-03-11 15:41 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-28 16:26 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-01-22 12:53 - 2016-01-22 12:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-12 15:36 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-29 09:09 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-12-18 07:58 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-12-18 07:58 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-12 15:36 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-12 15:36 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-01-29 09:09 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-21 07:31 - 2016-01-21 07:31 - 
03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe 2015-12-15 08:10 - 2015-12-15 08:10 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-02-05 08:28 - 2016-02-05 08:28 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-02-05 08:28 - 2016-02-05 08:28 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2015-11-24 08:11 - 2015-11-24 08:11 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-02-17 11:59 - 2016-02-17 11:59 - 00015872 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_4.3.4.0_x86__wgeqdkkx372wm\Twitter.Windows.exe 2016-02-04 09:05 - 2016-02-04 09:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-02-04 09:05 - 2016-02-04 09:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-02-15 08:51 - 2016-02-15 08:51 - 02829824 _____ () C:\Program Files\AVAST Software\Avast\defs\16021501\algo.dll 2016-02-04 09:05 - 2016-02-04 09:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-02-16 13:49 - 2016-02-16 13:49 - 02831360 _____ () C:\Program Files\AVAST Software\Avast\defs\16021602\algo.dll 2016-02-17 10:17 - 2016-02-17 10:17 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16021700\algo.dll 2015-11-08 09:13 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2016-01-22 12:53 - 2016-01-22 12:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-22 12:53 - 2016-01-22 12:53 - 22330368 _____ () C:\Program 
Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-12-04 08:54 - 2015-12-04 08:54 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-06-16 14:22 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 10:41 - 2013-03-05 10:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-12-23 11:32 - 2013-09-04 05:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2016-02-17 11:59 - 2016-02-17 11:59 - 09562624 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_4.3.4.0_x86__wgeqdkkx372wm\Twitter.Windows.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\start_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: WysePocketCloud => 2 MSCONFIG\Services: WyseRemoteAccess => 2 MSCONFIG\startupreg: BrHelp => HKLM\...\StartupApproved\Run32: => "BrHelp" HKLM\...\StartupApproved\Run32: => "ControlCenter4" HKLM\...\StartupApproved\Run32: => "IndexSearch" HKLM\...\StartupApproved\Run32: => "PaperPort PTD" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "F-Secure Hoster (53784)" HKLM\...\StartupApproved\Run32: => "F-Secure Manager" HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent" HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\StartupFolder: => "Content Anywhere.lnk" HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "TomTomHOME.exe" HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "ISUSPM" HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "Itibiti.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [{31D76E43-1623-49C1-A52F-16193788A73C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6024DDEF-A88F-4210-9CCC-C7AA6B7244EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0A367021-57DA-41DB-BB45-B5E248D7274E}] => (Allow) LPort=54925 FirewallRules: [{B22FE7CE-E6BC-4179-9050-61414BF6E6C7}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE FirewallRules: [{66CD6CE6-02A2-4C0A-AFBF-04E41D97588A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{FF80914C-0A38-4B5D-AA25-2D9F5B5D34EF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{9528A3B1-F3DC-47F4-9860-DD41BB68DF3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{4B35E4D6-B875-499D-8100-37888DF01721}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{718A6E7D-462F-40F3-97F7-5DD609C5F5FD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{3C99700C-C51E-4ADA-AC61-0284AAA6197F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{C4F407F2-05BE-487A-A960-E3D3C38EC2F9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{BFAB4BF0-1742-4B5D-8D88-B9202D85A153}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{6FEA035A-B718-442B-BEF9-9E2062C15298}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{083EA1E7-9E50-4298-8DA5-BDE5A7428DA3}] => 
(Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{935B70A3-F6FE-4C80-A69D-1D8E92E5A88A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{BBC61E43-0536-4629-8F95-A22A8A5683D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B858A7E8-6B0D-44A2-8D57-442BA2453252}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 02-02-2016 09:02:50 Garmin Express 05-02-2016 08:30:22 Restore Operation 10-02-2016 16:52:54 Windows Modules Installer 10-02-2016 16:58:16 Windows Modules Installer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/16/2016 04:42:39 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (02/16/2016 01:52:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (02/16/2016 01:50:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The specified object cannot be found. Specify the name of an existing object. 
(HRESULT : 0x80040d06) (0x80040d06) Error: (02/16/2016 01:50:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/16/2016 01:50:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/16/2016 01:50:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/16/2016 01:50:23 PM) (Source: Windows Search Service) (EventID: 3057) (User: ) Description: The plug-in manager cannot be initialized. Context: Windows Application Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) Error: (02/16/2016 01:50:23 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801) Error: (02/16/2016 01:50:09 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4810 - base\appmodel\search\search\ytrip\common\util\jetutil.cpp (203)}. The service will attempt to automatically correct this problem by rebuilding the index. 
Details: 0x8e5e0210 (0x8e5e0210) Error: (02/16/2016 01:50:08 PM) (Source: ESENT) (EventID: 455) (User: ) Description: SearchIndexer (3824) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00043.log. System errors: ============= Error: (02/17/2016 10:42:27 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (02/16/2016 06:13:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (02/16/2016 01:52:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (02/16/2016 01:52:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (02/16/2016 01:52:34 PM) (Source: DCOM) (EventID: 10016) (User: RALPH) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Ralphstart_000S-1-5-21-4239315751-2608994865-2960470113-1008LocalHost (Using LRPC)Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157 Error: (02/16/2016 01:50:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/16/2016 01:50:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with the following service-specific error: %%2147749126 Error: (02/16/2016 01:48:28 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:39:23 PM on ‎2/‎15/‎2016 was unexpected. 
Error: (02/16/2016 01:45:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_bf2f8 service to connect. Error: (02/16/2016 01:45:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_bf2f8 service to connect. CodeIntegrity: =================================== Date: 2016-02-16 13:38:44.422 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-15 08:50:56.299 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-11 08:17:18.494 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 10:17:20.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-12 16:27:28.721 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-10 17:02:02.045 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-07 15:01:36.542 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-03 15:20:15.793 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-31 09:44:17.931 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-20 09:58:15.378 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz Percentage of memory in use: 30% Total physical RAM: 8063.52 MB Available physical RAM: 5643.21 MB Total Virtual: 9343.52 MB Available Virtual: 6478.3 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.83 GB) (Free:856.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 80870621) Partition: GPT. ==================== End of Addition.txt ============================

#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

I can't read your posts.  Please open them only in notepad and copy and paste.  If you open them in something else you lose the formatting.  If all else fails, attach them by clicking on More Reply Options, Then Choose Files, Open then Attach this File.

 

 
Download AdwCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run FRST again.
  • Right click to run as administrator.  Make sure the Addition.txt button is checked.
  • Press Scan button.
  • Copy and paste or if you must attach to a reply.

    #3
    starter005

      Member

    • Topic Starter
    • Member
    • PipPip
    • 35 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 10 Home x64
    Ran by start_000 (Administrator) on Mon 02/22/2016 at 16:05:24.17
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 11

    Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\start_000\AppData\Roaming\iobit\driver booster (Folder)
    Successfully deleted: C:\Users\start_000\AppData\Roaming\productdata (Folder)
    Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVER_BOOSTER_SETUP.TMP-23EF340C.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVER_BOOSTER_SETUP.TMP-58157083.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-96C4BAB3.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATEUI.EXE-DB70E5FC.pf (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\RENE6E6.tmp (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\RENF258.tmp (File)



    Registry: 4

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{729582B7-CDB9-4D1F-A6EA-3CE1F3F03E02} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96CAAC3F-DDAC-429C-8D64-745C19A15013} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 02/22/2016 at 16:06:41.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    # AdwCleaner v5.020 - Logfile created 13/11/2015 at 16:03:54
    # Updated 13/11/2015 by Xplode
    # Database : 2015-11-13.3 [Server]
    # Operating system : Windows 8.1  (x64)
    # Username : start_000 - RALPH
    # Running from : C:\Users\start_000\AppData\Local\Microsoft\Windows\INetCache\IE\IHC3S8HA\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [-] Folder Deleted : C:\Users\Ralph\AppData\Roaming\Systweak
    [-] Folder Deleted : C:\Users\Ralph\AppData\Roaming\DriverTurbo
    [-] Folder Deleted : C:\Users\start_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
    [-] Folder Deleted : C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\Extensions\[email protected]

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\user.js
    [-] File Deleted : C:\WINDOWS\Reimage.ini

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F8A4FC32-DDA3-4DD9-8C62-49F778FF630B}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{09CFDB88-F9F0-40BA-885E-F47A957D12E6}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2B1B440F-A9DB-46E3-ADCF-AA6E08143FB8}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKLM\SOFTWARE\systweak
    [-] Key Deleted : HKLM\SOFTWARE\Uniblue
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage

    ***** [ Web browsers ] *****

    [-] [C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
    [-] [C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\start_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\start_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4085 bytes] ##########
    # AdwCleaner v5.036 - Logfile created 22/02/2016 at 15:39:53
    # Updated 22/02/2016 by Xplode
    # Database : 2016-02-22.2 [Server]
    # Operating system : Windows 10 Home  (x64)
    # Username : start_000 - RALPH
    # Running from : C:\Users\start_000\Downloads\AdwCleaner (2).exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [-] File Deleted : C:\searchplugins\bing-lavasoft.xml
    [-] File Deleted : C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\searchplugins\bing-lavasoft.xml
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
    [-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
    [-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKCU\Software\WebBar
    [-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
    [!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
    [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
    [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [7240 bytes] - [13/11/2015 16:03:54]
    C:\AdwCleaner\AdwCleaner[S1].txt - [5404 bytes] - [13/11/2015 16:02:12]
    C:\AdwCleaner\AdwCleaner[S2].txt - [3178 bytes] - [22/02/2016 15:38:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7459 bytes] ##########
     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
    Ran by start_000 (administrator) on RALPH (22-02-2016 16:08:42)
    Running from C:\Users\start_000\Desktop
    Loaded Profiles: start_000 (Available Profiles: start_000 & Administrator & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
    HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-08-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrHelp] => c:\program files (x86)\brother\brother help\brotherhelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-22] (SUPERAntiSpyware)
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\RunOnce: [Uninstall C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Policies\Explorer: [NoInstrumentation] 0
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-04] (AVAST Software)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPRSP.lnk [2015-08-28]
    ShortcutTarget: Brother BPRSP.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_6861D01CB00C428FAA7298BB572A9511.exe (Flexera Software LLC)
    Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-17]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{8def33c9-d402-4c1f-b94b-3b2aca53daa6}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{aa55db39-edac-4607-a04d-bf2130a2cd71}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
    SearchScopes: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-09] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-04] (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-04] (AVAST Software)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

    Edge:
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> hxxp://www.yahoo.com/

    FireFox:
    ========
    FF ProfilePath: C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default
    FF NewTab: about:home
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.yahoo.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-21] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4239315751-2608994865-2960470113-1008: @citrixonline.com/appdetectorplugin -> C:\Users\start_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-07] (Citrix Online)
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-04]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-04]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-04]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-04] (AVAST Software)
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    S3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
    S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-04] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-04] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-04] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-04] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-11] (AVAST Software)
    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-06] (Qualcomm Atheros Communications, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
    R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-22] (REALiX™)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-12-04] (Intel Corporation)
    S0 ngvss; no ImagePath
    R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2015-03-25] (EldoS Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-12-20] (Realtek                                            )
    S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [407768 2015-12-04] (Realsil Semiconductor Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-08-11] (CyberLink Corp.)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-22 16:08 - 2016-02-22 16:09 - 00019116 _____ C:\Users\start_000\Desktop\FRST.txt
    2016-02-22 16:06 - 2016-02-22 16:06 - 00001988 _____ C:\Users\start_000\Desktop\JRT.txt
    2016-02-22 16:04 - 2016-02-22 16:05 - 01609216 _____ (Malwarebytes) C:\Users\start_000\Downloads\JRT.exe
    2016-02-22 15:43 - 2016-02-22 15:43 - 01511936 _____ C:\Users\start_000\Downloads\adwcleaner_5.036 (1).exe
    2016-02-22 15:37 - 2016-02-22 15:37 - 01511936 _____ C:\Users\start_000\Downloads\AdwCleaner (2).exe
    2016-02-22 15:36 - 2016-02-22 15:36 - 01511936 _____ C:\Users\start_000\Downloads\AdwCleaner (1).exe
    2016-02-22 15:35 - 2016-02-22 15:35 - 01511936 _____ C:\Users\start_000\Downloads\AdwCleaner.exe
    2016-02-22 15:32 - 2016-02-22 15:33 - 01511936 _____ C:\Users\start_000\Downloads\adwcleaner_5.036.exe
    2016-02-17 17:49 - 2016-02-17 17:49 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-02-17 12:23 - 2016-02-17 12:23 - 02371072 _____ (Farbar) C:\Users\start_000\Desktop\FRST64.exe
    2016-02-17 12:23 - 2016-02-17 12:23 - 00000000 ____D C:\Users\start_000\Desktop\FRST-OlderVersion
    2016-02-15 08:53 - 2016-02-15 08:53 - 00001079 _____ C:\Users\start_000\Downloads\AdwCleaner - Shortcut.lnk
    2016-02-15 08:17 - 2016-02-15 08:17 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RALPH-Windows-10-Home-(64-bit).dat
    2016-02-15 08:17 - 2016-02-15 08:17 - 00000000 ____D C:\RegBackup
    2016-02-15 08:16 - 2016-02-15 08:16 - 00002334 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-02-15 08:16 - 2016-02-15 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-15 08:16 - 2016-02-15 08:16 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-02-15 08:14 - 2016-02-15 08:15 - 04777232 _____ (Tweaking.com) C:\Users\start_000\Downloads\tweaking.com_registry_backup_setup.exe
    2016-02-14 10:55 - 2016-02-14 10:55 - 02190552 _____ C:\Users\start_000\Downloads\appmanagersetup_2.0_b4_292 (1).exe
    2016-02-14 10:55 - 2016-02-14 10:55 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
    2016-02-14 10:25 - 2016-02-14 10:25 - 00000000 ___HD C:\$Windows.~WS
    2016-02-14 10:25 - 2016-02-14 10:25 - 00000000 ____D C:\$WINDOWS.~BT
    2016-02-14 10:24 - 2016-02-14 10:24 - 02370560 _____ (Farbar) C:\Users\start_000\Downloads\FRST64 (2).exe
    2016-02-12 08:35 - 2016-02-15 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-11 10:05 - 2016-02-11 10:06 - 00386752 _____ (Intel Corporation) C:\Users\start_000\Downloads\SSU.exe
    2016-02-11 09:19 - 2016-02-11 09:19 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
    2016-02-10 17:01 - 2016-02-10 17:01 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-10 17:01 - 2016-02-10 17:01 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-10 17:01 - 2016-02-10 17:01 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-10 17:01 - 2016-02-10 17:01 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-10 17:01 - 2016-02-10 17:01 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-10 17:00 - 2016-02-10 17:00 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-10 17:00 - 2016-02-10 17:00 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-10 17:00 - 2016-02-10 17:00 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-10 17:00 - 2016-02-10 17:00 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-10 17:00 - 2016-02-10 17:00 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-10 17:00 - 2016-02-10 17:00 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-10 17:00 - 2016-02-10 17:00 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-10 17:00 - 2016-02-10 17:00 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-10 17:00 - 2016-02-10 17:00 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-10 16:53 - 2016-02-10 16:53 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-10 16:53 - 2016-02-10 16:53 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-09 11:30 - 2016-02-09 11:31 - 129957096 _____ (Intel Corporation) C:\Users\start_000\Downloads\win64_153338.exe
    2016-02-09 11:29 - 2016-02-09 11:29 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2016-02-08 15:23 - 2016-02-08 15:23 - 00041914 _____ C:\Users\start_000\Downloads\Addition.txt
    2016-02-08 15:21 - 2016-02-22 16:08 - 00000000 ____D C:\FRST
    2016-02-08 10:53 - 2016-02-08 10:53 - 00631383 _____ C:\Users\start_000\Downloads\Statement_Jan 2016.pdf
    2016-02-08 10:13 - 2016-02-08 10:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\start_000\Downloads\HijackThis.exe
    2016-02-06 14:20 - 2016-02-06 14:20 - 00001886 _____ C:\Users\start_000\Desktop\Intel® HD Graphics 2500 Saturday, February 6, 2016 .txt
    2016-02-05 17:19 - 2016-02-05 17:20 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (7).zip
    2016-02-05 17:16 - 2016-02-05 17:17 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (6).zip
    2016-02-05 17:16 - 2016-02-05 17:16 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (5).zip
    2016-02-05 17:15 - 2016-02-05 17:16 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (4).zip
    2016-02-05 17:14 - 2016-02-05 17:15 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (3).zip
    2016-02-05 17:13 - 2016-02-05 17:14 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (2).zip
    2016-02-05 17:13 - 2016-02-05 17:13 - 01131054 _____ C:\Users\start_000\Downloads\Attachments_201625 (1).zip
    2016-02-05 17:11 - 2016-02-05 17:12 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625.zip
    2016-02-04 09:18 - 2016-02-04 09:18 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-02-04 09:18 - 2016-02-04 09:18 - 00003156 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1454594977
    2016-02-04 09:18 - 2016-02-04 09:18 - 00001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2016-02-04 09:18 - 2016-02-04 09:18 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-02-04 09:18 - 2016-02-04 09:05 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2016-02-04 09:18 - 2016-02-04 09:05 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-02-04 09:18 - 2016-02-04 09:05 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-02-04 09:18 - 2016-02-04 09:05 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-02-04 09:18 - 2016-02-04 09:05 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-02-04 09:18 - 2016-02-04 09:05 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-02-04 09:18 - 2016-02-04 09:05 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-02-04 09:18 - 2016-02-04 09:05 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-02-04 09:18 - 2016-02-04 09:05 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2016-02-04 09:05 - 2016-02-04 09:05 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-02-02 09:03 - 2016-02-02 09:03 - 00003622 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
    2016-02-02 09:03 - 2016-02-02 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2016-01-29 09:10 - 2016-01-29 09:11 - 14423632 _____ (IObit ) C:\Users\start_000\Downloads\driver_booster_setup (1).exe
    2016-01-29 09:09 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-29 09:09 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-29 09:09 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-29 09:09 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-29 09:09 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-29 09:09 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-29 09:09 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-29 09:09 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-29 09:09 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-29 09:09 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-29 09:09 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-29 09:09 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-29 09:09 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-29 09:09 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-29 09:09 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-29 09:09 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-29 09:09 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-29 09:09 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-29 09:09 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-29 09:09 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-29 09:09 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-29 09:09 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-29 09:09 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-29 09:09 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-29 09:09 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-29 09:09 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-29 09:09 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-29 09:09 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-29 09:09 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-29 09:09 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-29 09:09 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-29 09:09 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-29 09:09 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-29 09:09 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-29 09:09 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-29 09:09 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-29 09:09 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-29 09:09 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-29 09:09 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-29 09:09 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-29 09:09 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-29 09:09 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-29 09:09 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-29 09:09 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-29 09:09 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-29 09:09 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-29 09:09 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-29 09:09 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-29 09:09 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-29 09:09 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-29 09:09 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-29 09:09 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-29 09:09 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-29 09:09 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-29 09:09 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-29 09:09 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-29 09:09 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-29 09:09 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-29 09:09 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-29 09:09 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-29 09:09 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-29 09:09 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-29 09:09 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-29 09:09 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-29 09:09 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-29 09:09 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-29 09:09 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-29 09:09 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-29 09:09 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-29 09:09 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-29 09:09 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-29 09:09 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-29 09:09 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-29 09:09 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-29 09:09 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-29 09:09 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-29 09:09 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-29 09:09 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-29 09:09 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-29 09:09 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-29 09:09 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-29 09:09 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-29 09:09 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-29 09:09 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-29 09:09 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-29 09:09 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-29 09:09 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-29 09:09 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-29 09:09 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-29 09:09 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-29 09:09 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-29 09:09 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-29 09:09 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-29 09:09 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-29 09:09 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-29 09:09 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-29 09:09 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-29 09:09 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-29 09:09 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-29 09:09 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-29 09:09 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-29 09:09 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-29 09:09 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-29 09:09 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-29 09:09 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-29 09:09 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-29 09:09 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-29 09:09 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-26 09:15 - 2016-01-26 09:15 - 06828320 _____ (Piriform Ltd) C:\Users\start_000\Downloads\ccsetup514.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-22 16:05 - 2015-10-22 14:41 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-02-22 16:05 - 2015-03-22 09:07 - 00000000 ____D C:\Users\start_000\AppData\Roaming\IObit
    2016-02-22 16:05 - 2015-03-22 09:07 - 00000000 ____D C:\ProgramData\IObit
    2016-02-22 15:46 - 2015-11-23 16:11 - 00917148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-22 15:46 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-22 15:41 - 2015-11-23 16:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-22 15:41 - 2014-07-22 13:58 - 00000000 __SHD C:\Users\start_000\IntelGraphicsProfiles
    2016-02-22 15:40 - 2015-11-23 15:58 - 00000000 ____D C:\Users\start_000
    2016-02-22 15:40 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-22 15:39 - 2016-01-03 14:13 - 00000000 ____D C:\searchplugins
    2016-02-22 15:38 - 2015-11-13 16:02 - 00000000 ____D C:\AdwCleaner
    2016-02-22 15:24 - 2014-12-22 11:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-22 13:26 - 2014-08-08 14:54 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B596711-D62E-4C9A-A60C-AE56F81F2B11}
    2016-02-21 10:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-20 07:43 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-20 07:29 - 2014-07-23 03:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-19 21:08 - 2014-03-11 15:44 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
    2016-02-18 10:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-18 08:38 - 2015-11-23 15:58 - 00000000 ____D C:\Users\DefaultAppPool
    2016-02-15 10:02 - 2015-11-23 08:13 - 00000000 ___RD C:\Users\start_000\Desktop\Performance
    2016-02-15 08:51 - 2013-12-05 12:58 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-15 08:49 - 2014-12-22 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-15 08:48 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-14 10:27 - 2015-11-23 18:51 - 00000000 ___DC C:\WINDOWS\Panther
    2016-02-14 10:27 - 2014-03-11 19:44 - 00057728 _____ C:\WINDOWS\diagwrn.xml
    2016-02-14 10:27 - 2014-03-11 19:44 - 00055848 _____ C:\WINDOWS\diagerr.xml
    2016-02-12 09:34 - 2014-03-11 17:31 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-12 09:31 - 2014-03-11 17:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-10 17:01 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-09 11:30 - 2014-07-23 03:17 - 00000000 ____D C:\Program Files\Java
    2016-02-09 11:29 - 2015-08-21 14:17 - 00000000 ____D C:\Users\start_000\.oracle_jre_usage
    2016-02-09 11:29 - 2014-03-11 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-02-09 11:24 - 2015-06-12 18:10 - 00000000 ____D C:\Users\start_000\Documents\My Filehippo Downloads
    2016-02-08 10:14 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\VirtualStore
    2016-02-07 10:36 - 2014-07-22 18:27 - 00000000 ___RD C:\Users\start_000\OneDrive
    2016-02-06 14:11 - 2014-12-27 09:07 - 00000000 ____D C:\Users\start_000\Downloads\Intel Components
    2016-02-05 17:19 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\Packages
    2016-02-05 17:16 - 2016-01-19 09:18 - 00000000 ____D C:\Users\start_000\Desktop\Upstate NY Pics
    2016-02-05 08:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
    2016-02-05 08:24 - 2014-12-17 15:24 - 00000000 ____D C:\Users\start_000\AppData\Local\ElevatedDiagnostics
    2016-02-04 09:05 - 2015-01-11 09:42 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-02-02 09:04 - 2014-03-11 16:01 - 00000000 ____D C:\ProgramData\Package Cache
    2016-02-02 09:03 - 2015-11-07 16:00 - 00000000 ____D C:\Program Files (x86)\Garmin
    2016-01-30 10:13 - 2015-11-09 15:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-30 10:04 - 2014-11-26 13:50 - 00000178 _____ C:\Users\start_000\Desktop\Yahoo.url
    2016-01-29 09:03 - 2014-12-22 10:55 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-01-29 09:03 - 2014-12-22 10:55 - 00001228 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-01-26 09:16 - 2015-12-21 09:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk

    ==================== Files in the root of some directories =======

    2014-07-22 16:09 - 2014-07-22 16:09 - 0000017 _____ () C:\Users\start_000\AppData\Local\resmon.resmoncfg
    2013-10-09 14:46 - 2013-10-09 14:46 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-10-09 14:43 - 2013-10-09 14:43 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-10-09 14:43 - 2013-10-09 14:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-10-09 14:42 - 2013-10-09 14:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2013-10-09 14:45 - 2013-10-09 14:46 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    Some files in TEMP:
    ====================
    C:\Users\start_000\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-13 09:32

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
    Ran by start_000 (2016-02-22 16:09:23)
    Running from C:\Users\start_000\Desktop
    Windows 10 Home (X64) (2015-11-23 21:20:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4239315751-2608994865-2960470113-500 - Administrator - Disabled) => C:\Users\Administrator
    DefaultAccount (S-1-5-21-4239315751-2608994865-2960470113-503 - Limited - Disabled)
    Guest (S-1-5-21-4239315751-2608994865-2960470113-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4239315751-2608994865-2960470113-1007 - Limited - Enabled)
    start_000 (S-1-5-21-4239315751-2608994865-2960470113-1008 - Administrator - Enabled) => C:\Users\start_000

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
    Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
    Brother Product Research and Support Program (HKLM-x32\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.1.0002 - Brother Industries, Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
    Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.50.0 - Conexant)
    Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
    CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4412.58 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
    Dell System Detect (HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
    Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
    Digital Advertising Alliance Protect My Choices (Beta) (HKLM-x32\...\{B0E895EC-AF4D-48EB-A03B-18DA8ACF5F9A}) (Version: 1.6.0.0 - Digital Advertising Alliance)
    DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
    Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
    Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel® Driver Update Utility 2.2.0.6 (x32 Version: 2.2.0.1 - Intel) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
    Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
    Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
    SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
    Scansoft PDF Professional (x32 Version:  - ) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
    TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
    TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
    TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0AE30774-2E87-4745-8D50-C923A8791957} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {15BAC307-8ACF-4219-9AE7-66D541C2FA5A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
    Task: {16777BE2-E394-4E04-85C6-751F5A790E48} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION
    Task: {2366C53B-764F-4A67-96E0-374D1BAA0F0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3F66089B-EF64-45AF-AA9D-1D7161B4782A} - \ProPCCleaner_Start -> No File <==== ATTENTION
    Task: {416C35DB-11E1-416B-BB02-D43ACA7B80AF} - System32\Tasks\SafeZone scheduled Autoupdate 1454594977 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
    Task: {43706976-862E-470D-A13D-F89954D98F51} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {468AF792-E386-481A-8CEF-A2B8F84ABC49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {47F550B7-EDF7-4828-9C2A-907D8E694CCD} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
    Task: {4EFC3408-8DC0-48FE-9322-B9210341B79F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
    Task: {504BD9DC-D44A-4B7C-9A29-2D62386F14AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
    Task: {506E8EA5-3088-46D8-A599-475966FE7BC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-04] (AVAST Software)
    Task: {51B2365D-1F26-43B0-9AFB-38DC6F9000E5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {568D2607-2E95-4D32-82E0-0BC464E51599} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {5C1E17B6-33A6-4B92-85A1-08BF5196D5F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {5D277F32-B4A8-4C34-AD42-B65329D0630C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {69144A40-0124-430B-B3F8-B22DCE590922} - \ProPCCleaner_Popup -> No File <==== ATTENTION
    Task: {6C71B6A5-9904-484E-93D6-0B8537CCA0D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {71C9B2DE-7999-4745-B97B-A5399F3AB7F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7964398A-221B-4809-AC53-40ED00D8ED85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
    Task: {7F7B6BB1-A4ED-4587-95BF-1343A39A74B7} - \ProfessionalCleaningSoftware_Start -> No File <==== ATTENTION
    Task: {8080D58F-F969-48BD-9B6E-EA6DFA8CFD76} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {8C726201-EFB2-45A5-8213-3ED0C8E42C15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {8E9C390E-B679-44BC-975F-8E9954E01EFC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {96C39582-E10C-4B38-BA54-2CE39A50A06B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
    Task: {9DAC99AF-40EB-4E23-B19B-F5E8D748B054} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A2791BBA-30B1-4CF1-8DA8-3B7E91892AC0} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {AC7A934C-97E9-4D72-BCE7-C9235A09283D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
    Task: {B357D940-DADB-41F4-AAB1-2F0833166F51} - System32\Tasks\PocketCloud => C:\Program
    Task: {BCC5E87D-2245-47E2-B38C-1DBCC5C8AE05} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {CBECAE10-CCB7-4E4B-8994-FF26BDE300C2} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
    Task: {CEE6A43F-6131-4E7E-AF16-356FCE6F3105} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
    Task: {CFC78AED-C551-4E41-975A-6071343F4BE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D980C5EA-9D4A-498A-AA76-F972309D9970} - System32\Tasks\PocketCloudUpdater => C:\Program
    Task: {EE05D4C9-6234-4612-8442-C9CE60CD2F75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2016-01-22 12:58 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-03-11 15:41 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
    2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-28 16:26 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-01-22 12:53 - 2016-01-22 12:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-01-12 15:36 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-18 07:58 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-18 07:58 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-12 15:36 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-12 15:36 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-01-29 09:09 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-29 09:09 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-02-04 09:05 - 2016-02-04 09:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-02-04 09:05 - 2016-02-04 09:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-02-22 14:29 - 2016-02-22 14:29 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16022201\algo.dll
    2016-02-04 09:05 - 2016-02-04 09:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-02-04 09:05 - 2016-02-04 09:05 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2015-11-08 09:13 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2015-12-04 08:54 - 2015-12-04 08:54 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-12-23 11:32 - 2013-09-04 05:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2016-01-22 12:53 - 2016-01-22 12:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-22 12:53 - 2016-01-22 12:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\webcompanion.com -> hxxp://webcompanion.com

    There are 4790 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\start_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: WysePocketCloud => 2
    MSCONFIG\Services: WyseRemoteAccess => 2
    MSCONFIG\startupreg: BrHelp =>
    HKLM\...\StartupApproved\Run32: => "BrHelp"
    HKLM\...\StartupApproved\Run32: => "ControlCenter4"
    HKLM\...\StartupApproved\Run32: => "IndexSearch"
    HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "F-Secure Hoster (53784)"
    HKLM\...\StartupApproved\Run32: => "F-Secure Manager"
    HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\StartupFolder: => "Content Anywhere.lnk"
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "TomTomHOME.exe"
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "ISUSPM"
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "Itibiti.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [{31D76E43-1623-49C1-A52F-16193788A73C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{6024DDEF-A88F-4210-9CCC-C7AA6B7244EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{0A367021-57DA-41DB-BB45-B5E248D7274E}] => (Allow) LPort=54925
    FirewallRules: [{B22FE7CE-E6BC-4179-9050-61414BF6E6C7}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
    FirewallRules: [{66CD6CE6-02A2-4C0A-AFBF-04E41D97588A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{FF80914C-0A38-4B5D-AA25-2D9F5B5D34EF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{9528A3B1-F3DC-47F4-9860-DD41BB68DF3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{4B35E4D6-B875-499D-8100-37888DF01721}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{718A6E7D-462F-40F3-97F7-5DD609C5F5FD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{3C99700C-C51E-4ADA-AC61-0284AAA6197F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{C4F407F2-05BE-487A-A960-E3D3C38EC2F9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{BFAB4BF0-1742-4B5D-8D88-B9202D85A153}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{6FEA035A-B718-442B-BEF9-9E2062C15298}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{083EA1E7-9E50-4298-8DA5-BDE5A7428DA3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{935B70A3-F6FE-4C80-A69D-1D8E92E5A88A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{BBC61E43-0536-4629-8F95-A22A8A5683D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B858A7E8-6B0D-44A2-8D57-442BA2453252}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    02-02-2016 09:02:50 Garmin Express
    05-02-2016 08:30:22 Restore Operation
    10-02-2016 16:52:54 Windows Modules Installer
    10-02-2016 16:58:16 Windows Modules Installer
    22-02-2016 16:05:24 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/22/2016 04:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.103, time stamp: 0x56a84dc4
    Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
    Exception code: 0xc0000005
    Fault offset: 0x00000000000780cd
    Faulting process id: 0x988
    Faulting application start time: 0xMicrosoftEdge.exe0
    Faulting application path: MicrosoftEdge.exe1
    Faulting module path: MicrosoftEdge.exe2
    Report Id: MicrosoftEdge.exe3
    Faulting package full name: MicrosoftEdge.exe4
    Faulting package-relative application ID: MicrosoftEdge.exe5

    Error: (02/22/2016 04:05:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/22/2016 04:03:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0000005
    Fault offset: 0x00ac6197
    Faulting process id: 0x1234
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (02/22/2016 03:52:33 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (02/20/2016 08:51:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MicrosoftEdge.exe version 11.0.10586.103 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 2ef4

    Start Time: 01d16be45f1d7939

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

    Report Id: 057aea50-d7d9-11e5-bef5-c81f6612a0d1

    Faulting package full name: Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe

    Faulting package-relative application ID: MicrosoftEdge

    Error: (02/18/2016 12:34:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000005
    Fault offset: 0x000000000002e849
    Faulting process id: 0x1d90
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/18/2016 12:33:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: chakra.dll, version: 11.0.10586.103, time stamp: 0x56a849ae
    Exception code: 0xc0000005
    Fault offset: 0x000000000018af4e
    Faulting process id: 0x2174
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/17/2016 05:49:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: RALPH)
    Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

    Error: (02/16/2016 04:42:39 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (02/16/2016 01:52:01 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (02/22/2016 03:44:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (02/22/2016 03:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_51d49 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/22/2016 03:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_51d49 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/22/2016 03:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_51d49 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/22/2016 03:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_51d49 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/22/2016 03:40:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/22/2016 03:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (02/22/2016 03:39:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (02/22/2016 03:39:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Distributed Transaction Coordinator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (02/22/2016 03:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).


    CodeIntegrity:
    ===================================
      Date: 2016-02-16 13:38:44.422
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-02-15 08:50:56.299
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-02-11 08:17:18.494
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-01-30 10:17:20.553
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-01-12 16:27:28.721
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-01-10 17:02:02.045
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-01-07 15:01:36.542
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-01-03 15:20:15.793
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2015-12-31 09:44:17.931
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2015-12-20 09:58:15.378
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
    Percentage of memory in use: 25%
    Total physical RAM: 8063.52 MB
    Available physical RAM: 6019.29 MB
    Total Virtual: 9343.52 MB
    Available Virtual: 7251.35 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.83 GB) (Free:852.21 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 80870621)

    Partition: GPT.

    ==================== End of Addition.txt ============================


    #4
    RKinner
    Malware Expert
     
    Download the attached fixlist.txt to the same location as FRST
     
    [attachment=80418:fixFrst.txt]
     
    Run FRST and press Fix
    A fix log will be generated; please post that.

    #5
    starter005
    Topic Starter

    I'm a little confused. I clicked on the link and all I got was "open", "open folder", and "view downloads".  How do I download it to FRST?


    #6
    RKinner
    Malware Expert

    My mistake. Let's try it again with this fixlist:

     

    [attachment=80425:fixlist.txt]


    #7
    starter005
    Topic Starter

    I click on it and it opens but I can't drag it into the FRST Tool. If I click fix it says no fixit.txt found. Can you walk me through it?


    #8
    RKinner
    Malware Expert

    No, you don't drag it.  This is not Combofix.  Just make sure fixlist.txt is in the same folder as FRST, then right-click on FRST and Run As Admin.  Press the Fix button when FRST comes up and it should find it on its own.


    #9
    starter005
    Topic Starter

    OK, I ran the fix but my PC restarted and I don't see the fix file from FRST.


    #10
    RKinner
    Malware Expert

    Should be a fixlog.txt in the same folder as FRST.


    #11
    starter005
    Topic Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
    Ran by start_000 (2016-02-23 16:29:07) Run:1
    Running from C:\Users\start_000\Downloads
    Loaded Profiles: start_000 (Available Profiles: start_000 & Administrator & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    S0 ngvss; no ImagePath
    2016-02-22 16:05 - 2015-10-22 14:41 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-02-22 16:05 - 2015-03-22 09:07 - 00000000 ____D C:\Users\start_000\AppData\Roaming\IObit
    2016-02-22 16:05 - 2015-03-22 09:07 - 00000000 ____D C:\ProgramData\IObit
    Task: {0AE30774-2E87-4745-8D50-C923A8791957} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {16777BE2-E394-4E04-85C6-751F5A790E48} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION
    Task: {2366C53B-764F-4A67-96E0-374D1BAA0F0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3F66089B-EF64-45AF-AA9D-1D7161B4782A} - \ProPCCleaner_Start -> No File <==== ATTENTION
    Task: {43706976-862E-470D-A13D-F89954D98F51} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {568D2607-2E95-4D32-82E0-0BC464E51599} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {5C1E17B6-33A6-4B92-85A1-08BF5196D5F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {5D277F32-B4A8-4C34-AD42-B65329D0630C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {69144A40-0124-430B-B3F8-B22DCE590922} - \ProPCCleaner_Popup -> No File <==== ATTENTION
    Task: {71C9B2DE-7999-4745-B97B-A5399F3AB7F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7F7B6BB1-A4ED-4587-95BF-1343A39A74B7} - \ProfessionalCleaningSoftware_Start -> No File <==== ATTENTION
    Task: {8080D58F-F969-48BD-9B6E-EA6DFA8CFD76} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {8C726201-EFB2-45A5-8213-3ED0C8E42C15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {8E9C390E-B679-44BC-975F-8E9954E01EFC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9DAC99AF-40EB-4E23-B19B-F5E8D748B054} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A2791BBA-30B1-4CF1-8DA8-3B7E91892AC0} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {B357D940-DADB-41F4-AAB1-2F0833166F51} - System32\Tasks\PocketCloud => C:\Program
    Task: {CBECAE10-CCB7-4E4B-8994-FF26BDE300C2} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
    Task: {CFC78AED-C551-4E41-975A-6071343F4BE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D980C5EA-9D4A-498A-AA76-F972309D9970} - System32\Tasks\PocketCloudUpdater => C:\Program
    Task: {EE05D4C9-6234-4612-8442-C9CE60CD2F75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    FirewallRules: [{3C99700C-C51E-4ADA-AC61-0284AAA6197F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{C4F407F2-05BE-487A-A960-E3D3C38EC2F9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{BFAB4BF0-1742-4B5D-8D88-B9202D85A153}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{6FEA035A-B718-442B-BEF9-9E2062C15298}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{083EA1E7-9E50-4298-8DA5-BDE5A7428DA3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{935B70A3-F6FE-4C80-A69D-1D8E92E5A88A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    EmptyTemp:
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    ngvss => service removed successfully
    C:\Program Files (x86)\IObit => moved successfully
    C:\Users\start_000\AppData\Roaming\IObit => moved successfully
    C:\ProgramData\IObit => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AE30774-2E87-4745-8D50-C923A8791957}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE30774-2E87-4745-8D50-C923A8791957}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16777BE2-E394-4E04-85C6-751F5A790E48}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16777BE2-E394-4E04-85C6-751F5A790E48}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalCleaningSoftware_Popup => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2366C53B-764F-4A67-96E0-374D1BAA0F0D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2366C53B-764F-4A67-96E0-374D1BAA0F0D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F66089B-EF64-45AF-AA9D-1D7161B4782A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F66089B-EF64-45AF-AA9D-1D7161B4782A}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43706976-862E-470D-A13D-F89954D98F51}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43706976-862E-470D-A13D-F89954D98F51}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{568D2607-2E95-4D32-82E0-0BC464E51599}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{568D2607-2E95-4D32-82E0-0BC464E51599}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C1E17B6-33A6-4B92-85A1-08BF5196D5F1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C1E17B6-33A6-4B92-85A1-08BF5196D5F1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D277F32-B4A8-4C34-AD42-B65329D0630C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D277F32-B4A8-4C34-AD42-B65329D0630C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69144A40-0124-430B-B3F8-B22DCE590922}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69144A40-0124-430B-B3F8-B22DCE590922}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71C9B2DE-7999-4745-B97B-A5399F3AB7F8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71C9B2DE-7999-4745-B97B-A5399F3AB7F8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F7B6BB1-A4ED-4587-95BF-1343A39A74B7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F7B6BB1-A4ED-4587-95BF-1343A39A74B7}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalCleaningSoftware_Start => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8080D58F-F969-48BD-9B6E-EA6DFA8CFD76}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8080D58F-F969-48BD-9B6E-EA6DFA8CFD76}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C726201-EFB2-45A5-8213-3ED0C8E42C15}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C726201-EFB2-45A5-8213-3ED0C8E42C15}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E9C390E-B679-44BC-975F-8E9954E01EFC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E9C390E-B679-44BC-975F-8E9954E01EFC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DAC99AF-40EB-4E23-B19B-F5E8D748B054}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DAC99AF-40EB-4E23-B19B-F5E8D748B054}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2791BBA-30B1-4CF1-8DA8-3B7E91892AC0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2791BBA-30B1-4CF1-8DA8-3B7E91892AC0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B357D940-DADB-41F4-AAB1-2F0833166F51}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B357D940-DADB-41F4-AAB1-2F0833166F51}" => key removed successfully
    C:\WINDOWS\System32\Tasks\PocketCloud => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloud" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBECAE10-CCB7-4E4B-8994-FF26BDE300C2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBECAE10-CCB7-4E4B-8994-FF26BDE300C2}" => key removed successfully
    C:\WINDOWS\System32\Tasks\JetBoost_AutoUpdate => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JetBoost_AutoUpdate" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFC78AED-C551-4E41-975A-6071343F4BE8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFC78AED-C551-4E41-975A-6071343F4BE8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D980C5EA-9D4A-498A-AA76-F972309D9970}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D980C5EA-9D4A-498A-AA76-F972309D9970}" => key removed successfully
    C:\WINDOWS\System32\Tasks\PocketCloudUpdater => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloudUpdater" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE05D4C9-6234-4612-8442-C9CE60CD2F75}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE05D4C9-6234-4612-8442-C9CE60CD2F75}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C99700C-C51E-4ADA-AC61-0284AAA6197F} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4F407F2-05BE-487A-A960-E3D3C38EC2F9} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFAB4BF0-1742-4B5D-8D88-B9202D85A153} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6FEA035A-B718-442B-BEF9-9E2062C15298} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{083EA1E7-9E50-4298-8DA5-BDE5A7428DA3} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{935B70A3-F6FE-4C80-A69D-1D8E92E5A88A} => value removed successfully
    EmptyTemp: => 655.8 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 16:29:31 ====


    #12
    RKinner
    Malware Expert

    Search for the Command Prompt, right-click it, and select Run as Administrator.  This should bring up a black window.  Type with an Enter after the line:

    DISM  /Online  /Cleanup-Image  /RestoreHealth

    This will take maybe 15 minutes to run.  If it finishes without an error then do

    sfc  /scannow

    Does this say it was able to fix everything?

    If not, copy the next two lines:

     

    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 

    Come back to the Command Prompt window and right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter if notepad does not pop up.  Copy and paste the text into a Reply.

     

    Either way, do the next step:

    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    2. Type 20 in the 1 to 20 box
    3. Then click the Run button.

    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
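
The `findstr /c:"[SR]"` step in the post above pulls the System File Checker lines out of CBS.log so a helper can see what `sfc /scannow` could not fix. As an added example (not part of the thread and not Microsoft or FRST code), this Python script applies the same filter and summarises the result; the sample log lines are constructed, and the message wordings it matches are assumptions modelled on typical sfc output.

```python
import re

# Constructed sample in the usual CBS.log layout (not taken from the thread).
SAMPLE_CBS_LOG = r'''
2016-02-23 17:02:11, Info                  CBS    Starting TrustedInstaller initialization.
2016-02-23 17:02:15, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2016-02-23 17:02:15, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-02-23 17:02:19, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"sample1.dll" of Example-Component-A, Version = 10.0.10586.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, hash mismatch
2016-02-23 17:02:20, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"sample1.dll" of Example-Component-A, Version = 10.0.10586.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, hash mismatch
2016-02-23 17:02:21, Info                  CSI    0000000d [SR] Verify complete
2016-02-23 17:02:22, Info                  CSI    0000000e [SR] Verifying 37 (0x0000000000000025) components
2016-02-23 17:02:22, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2016-02-23 17:02:25, Info                  CSI    00000011 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:22{11}]"sample2.dll" from store
2016-02-23 17:02:26, Info                  CSI    00000012 [SR] Verify complete
2016-02-23 17:02:30, Info                  CBS    Ending TrustedInstaller finalization.
'''

SR_MARK = "[SR] "
QUOTED = re.compile(r'"([^"]+)"')


def sr_lines(log_text):
    """Same filter as findstr /c:"[SR]": keep lines containing the literal tag."""
    return [line for line in log_text.splitlines() if "[SR]" in line]


def summarize(log_text):
    """Summarise the sfc entries: what was checked, repaired, and left broken."""
    verified = 0
    unrepaired = {}  # file name -> owning component (dict keeps first-seen order)
    repaired = []
    for line in sr_lines(log_text):
        if SR_MARK not in line:
            continue
        msg = line.split(SR_MARK, 1)[1]
        if msg.startswith("Verifying "):
            count = re.match(r"Verifying (\d+) ", msg)
            if count:
                verified += int(count.group(1))
        elif msg.startswith("Cannot repair member file"):
            names = QUOTED.findall(msg)
            owner = re.search(r'" of ([^,]+),', msg)
            if names:
                # The same file is usually reported more than once; keep one entry.
                unrepaired.setdefault(names[0], owner.group(1) if owner else "unknown")
        elif msg.startswith("Repairing corrupted file"):
            parts = QUOTED.findall(msg)  # directory, then file name
            if parts:
                path = "\\".join(p.replace("\\??\\", "") for p in parts)
                if path not in repaired:
                    repaired.append(path)
    if unrepaired:
        verdict = "unrepaired"   # sfc found damage it could not fix
    elif repaired:
        verdict = "repaired"     # damage found and restored from the store
    else:
        verdict = "clean"
    return {
        "components_verified": verified,
        "unrepaired": list(unrepaired.items()),
        "repaired": repaired,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_CBS_LOG)
    print("verdict:", result["verdict"])
    print("components verified:", result["components_verified"])
    for name, owner in result["unrepaired"]:
        print("could not repair:", name, "from", owner)
    for path in result["repaired"]:
        print("repaired:", path)
```

To run it against a real log, read a copy of `\windows\logs\cbs\cbs.log` (or the filtered `junk.txt`) into a string and pass it to `summarize`.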
     

    #13
    starter005
    Topic Starter

    It wouldn't run

    I got an error message:

     

    ERROR:5

    An error occured. The directory in the temporary folder C:\Users\START_~1\AppData\Local\Temp\ could not be created. Ensure that the path to the temporary folder exists and that you have read/write permissions on the folder. The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log


    #14
    RKinner
    Malware Expert

    C:\Users\START_~1\AppData\Local\Temp\ is a hidden folder location, so tell Windows you want to see hidden files:

    http://www.howtogeek...-windows-vista/

    then navigate to C:\Users\START_000\AppData\Local\Temp\ and see if it lets you make a new folder.  If not, what error message do you get?


    #15
    starter005
    Topic Starter

    I had to click continue to gain access and it let me in. Now what?

