Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer very slow and appears to be infected [Closed]

Virus Malware infected

  • This topic is locked This topic is locked

#1
Laura B

Laura B

    Member

  • Member
  • PipPip
  • 29 posts

My computer has gotten very slow. I have been downloading clipart so I think I may have gotten something from one of the downloads. The Processes tab in the Task Manager shows 95% to 100% use but cannot tell what is causing the usage. Java ™ Platform SE binary (32 bit) is at the top of the list and when I end the process, it just comes back. I also tried to uninstall Java and still it comes back. I uninstalled Google Crome too, but that has had not affect. I ran Malwarebytes and Ccleaner which worked until I rebooted the computer.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016
Ran by Laura (administrator) on LAURA (20-02-2016 12:54:41)
Running from C:\Users\Laura\Desktop
Loaded Profiles: Laura (Available Profiles: Laura)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Amazon.com Inc.) C:\Users\Laura\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKBE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKBE.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Amazon Digital Services, LLC.) C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Sun Microsystems, Inc.) C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-13] (Samsung)
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [Amazon Music] => C:\Users\Laura\AppData\Local\Amazon Music\Amazon Music Helper.exe [5895968 2016-02-01] ()
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [Amazon Cloud Drive] => C:\Users\Laura\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [2017568 2016-02-11] (Amazon.com Inc.)
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKBE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKBE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-04-14]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2016-02-20] ()
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{35e7d058-e921-40d8-a197-1e05a5e03b8a}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> DefaultScope {4DB7723C-24AB-407C-B385-3B140DA45EF2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20140720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {4DB7723C-24AB-407C-B385-3B140DA45EF2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20140720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {52A25C35-7EB3-4875-ABD8-29A6BA0E1EAF} URL =
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-08-08] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\uhll2yp5.default
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=C111US679D20140720&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-20]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\uhll2yp5.default\Extensions\[email protected] [2015-07-29] [not signed]
FF Extension: Adblock Plus - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\uhll2yp5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-20]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-12-28] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-02]
CHR Extension: (Google Docs) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-28]
CHR Extension: (Google Search) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-10-02]
CHR Extension: (Google Sheets) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-02]
CHR Extension: (Norton Safe) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-02]
CHR Extension: (Gmail) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-11-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-02] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-12-02] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33064 2013-07-25] (Fintek)
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160219.001\IDSvia64.sys [767224 2016-02-13] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160219.020\ENG64.SYS [138488 2016-01-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160219.020\EX64.SYS [2148080 2016-01-16] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-20 12:54 - 2016-02-20 12:56 - 00029467 _____ C:\Users\Laura\Desktop\FRST.txt
2016-02-20 12:54 - 2016-02-20 12:54 - 00000000 ____D C:\FRST
2016-02-20 12:53 - 2016-02-20 12:53 - 02371072 _____ (Farbar) C:\Users\Laura\Desktop\FRST64.exe
2016-02-20 12:30 - 2016-02-20 12:30 - 00373320 _____ C:\Users\Laura\Desktop\cc_20160220_122958.reg
2016-02-20 12:28 - 2016-02-20 12:28 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-02-20 12:28 - 2016-02-20 12:28 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-20 12:28 - 2016-02-20 12:28 - 00000000 ____D C:\Program Files\CCleaner
2016-02-20 12:27 - 2016-02-20 12:27 - 06828320 _____ (Piriform Ltd) C:\Users\Laura\Downloads\ccsetup514.exe
2016-02-20 11:38 - 2016-02-20 11:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-20 11:38 - 2016-02-20 11:38 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-20 11:38 - 2016-02-20 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-20 11:38 - 2016-02-20 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-20 11:38 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-20 11:38 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-20 11:38 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-20 11:34 - 2016-02-20 11:34 - 22908888 _____ (Malwarebytes ) C:\Users\Laura\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-20 10:29 - 2016-02-20 10:29 - 00000000 ____D C:\NPE
2016-02-20 10:24 - 2016-02-20 10:48 - 00000000 ____D C:\Users\Laura\AppData\Local\NPE
2016-02-19 15:20 - 2016-02-19 15:20 - 05512933 _____ C:\Users\Laura\Downloads\Frame14.svg
2016-02-19 15:16 - 2016-02-19 15:16 - 00390473 _____ C:\Users\Laura\Downloads\Decorative-Ornamental-Frame-Border.svg
2016-02-19 11:42 - 2016-02-19 11:41 - 00385026 _____ C:\Users\Laura\Desktop\Shawn Mullins Apr 7.pdf
2016-02-19 11:41 - 2016-02-19 11:41 - 00385026 _____ C:\Users\Laura\Downloads\095984440008.pdf
2016-02-16 15:37 - 2016-02-19 19:34 - 03209818 _____ C:\Users\Laura\Downloads\~taxReturn (1).tax2015
2016-02-16 12:53 - 2016-02-19 19:38 - 03280266 _____ C:\Users\Laura\Downloads\taxReturn (1).tax2015
2016-02-16 12:32 - 2016-02-19 17:59 - 00000000 ____D C:\Users\Laura\Desktop\TroyTax
2016-02-16 12:26 - 2016-02-16 12:26 - 00030329 _____ C:\Users\Laura\Downloads\2015_Form1095C.pdf
2016-02-16 11:29 - 2016-02-16 11:29 - 00000000 ____D C:\Users\Laura\AppData\Local\Intuit
2016-02-16 11:28 - 2016-02-16 12:42 - 00000000 ____D C:\Users\Laura\Documents\TurboTax
2016-02-16 11:25 - 2016-02-16 11:28 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Intuit
2016-02-16 11:24 - 2016-02-16 13:47 - 00000469 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-02-16 11:24 - 2016-02-16 11:24 - 00002531 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-02-16 11:24 - 2016-02-16 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-02-16 11:23 - 2016-02-16 11:24 - 00000000 ____D C:\ProgramData\Intuit
2016-02-16 11:23 - 2016-02-16 11:23 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-02-16 11:22 - 2016-02-16 11:22 - 118776896 _____ C:\Users\Laura\Downloads\TurboTax_Premier_2015_Federal__State_Taxes__Fed_Efile_Tax_Preparation_Software_-_PC_Download.exe
2016-02-16 11:05 - 2016-02-16 11:05 - 01068240 _____ C:\Users\Laura\Downloads\taxReturn.tax2015
2016-02-12 18:09 - 2016-02-20 10:30 - 00000000 ____D C:\Users\Laura\AppData\Local\Amazon Cloud Drive
2016-02-10 11:01 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 11:01 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 11:01 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 11:01 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 11:01 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 11:01 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 11:01 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 11:01 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 11:01 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 11:01 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 11:00 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 11:00 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 11:00 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 11:00 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 11:00 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 11:00 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 11:00 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 11:00 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 11:00 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 11:00 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 11:00 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 11:00 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 11:00 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 11:00 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 11:00 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 11:00 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 11:00 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 11:00 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 11:00 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 11:00 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 11:00 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 11:00 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 11:00 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 11:00 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 11:00 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 11:00 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 11:00 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 11:00 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 11:00 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 11:00 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 11:00 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 11:00 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 11:00 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 11:00 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 11:00 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 11:00 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 11:00 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 11:00 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 11:00 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 11:00 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 11:00 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 11:00 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 11:00 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 11:00 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 11:00 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 11:00 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 11:00 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 11:00 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 11:00 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 11:00 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 11:00 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 11:00 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 11:00 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 11:00 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 11:00 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-01-27 13:37 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-27 13:37 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-27 13:37 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-27 13:37 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-27 13:37 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-27 13:37 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 13:37 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-27 13:37 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-27 13:37 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-27 13:37 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-27 13:37 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-27 13:37 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 13:37 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 13:37 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-27 13:37 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-27 13:37 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-27 13:37 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-27 13:37 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-27 13:37 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-27 13:37 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-27 13:37 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-27 13:37 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-27 13:37 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-27 13:37 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 13:37 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-27 13:37 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-27 13:37 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-27 13:37 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-27 13:37 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-27 13:37 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-27 13:37 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-27 13:37 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-27 13:37 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-27 13:37 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-27 13:37 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-27 13:37 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 13:37 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-27 13:37 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-27 13:37 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-27 13:37 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-27 13:37 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-27 13:37 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-27 13:37 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-27 13:37 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-27 13:37 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-27 13:37 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-27 13:37 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-27 13:37 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-27 13:37 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 13:37 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-27 13:37 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-27 13:37 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-27 13:37 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-27 13:37 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-27 13:37 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-27 13:37 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-27 13:37 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-27 13:37 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-27 13:37 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-27 13:37 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-27 13:37 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-27 13:37 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-27 13:37 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-27 13:37 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-27 13:37 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-27 13:37 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-27 13:37 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-27 13:37 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 13:37 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-27 13:37 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-27 13:37 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-27 13:37 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-27 13:37 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-27 13:37 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 13:37 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-27 13:37 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-27 13:37 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-27 13:37 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-27 13:37 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-27 13:37 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-27 13:37 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-27 13:37 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-27 13:37 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-27 13:37 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-27 13:37 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-27 13:37 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-27 13:37 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-27 13:37 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-27 13:37 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-27 13:37 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-27 13:37 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-27 13:37 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 13:37 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-27 13:37 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-27 13:37 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-27 13:37 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-27 13:37 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 13:37 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-27 13:37 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-27 13:37 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-27 13:37 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-27 13:37 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-27 13:37 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-27 13:37 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-27 13:37 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-27 13:37 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-27 13:37 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-27 13:37 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-20 12:49 - 2015-12-27 17:49 - 00000931 _____ C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {0627C66D-770E-4EE1-A58F-6B1D7BB2CDDD}.job
2016-02-20 12:49 - 2015-12-27 17:49 - 00000745 _____ C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {0627C66D-770E-4EE1-A58F-6B1D7BB2CDDD}.job
2016-02-20 12:49 - 2015-12-08 17:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-02-20 12:47 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-20 12:47 - 2015-08-01 15:15 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-20 12:42 - 2015-12-22 13:34 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Amazon Cloud Drive
2016-02-20 12:41 - 2015-12-20 15:14 - 00000000 ____D C:\Users\Laura\AppData\Local\Deployment
2016-02-20 12:41 - 2015-07-29 13:41 - 00000000 __SHD C:\Users\Laura\IntelGraphicsProfiles
2016-02-20 12:40 - 2015-12-20 12:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-20 12:40 - 2015-12-20 12:01 - 00358584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-20 12:39 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-20 12:34 - 2015-08-23 07:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-20 12:32 - 2015-12-20 15:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-20 12:32 - 2014-03-01 11:04 - 00000000 ____D C:\Users\Laura\AppData\Local\CrashDumps
2016-02-20 12:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-20 12:18 - 2013-10-28 15:55 - 00000000 ____D C:\Temp
2016-02-20 12:00 - 2015-12-27 18:00 - 00000931 _____ C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {2EE65247-AFA3-4EDA-B4CC-DBA043DA030D}.job
2016-02-20 12:00 - 2015-12-27 18:00 - 00000745 _____ C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {2EE65247-AFA3-4EDA-B4CC-DBA043DA030D}.job
2016-02-20 11:25 - 2014-02-27 19:02 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-20 10:41 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-20 10:24 - 2015-07-06 07:40 - 00000000 ____D C:\ProgramData\Norton
2016-02-20 07:46 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-20 07:46 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-20 07:00 - 2014-03-24 12:01 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{00031551-E752-4175-8831-A36E8E7ACA78}
2016-02-19 19:40 - 2015-12-12 14:31 - 00000000 ____D C:\Users\Laura\Documents\Clipart
2016-02-19 19:38 - 2016-01-15 07:53 - 00000000 ____D C:\Users\Laura\Desktop\Taxes 2015
2016-02-17 11:07 - 2014-02-26 16:44 - 00000000 ____D C:\Users\Laura\AppData\Local\Packages
2016-02-13 14:36 - 2014-02-27 19:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-13 14:31 - 2014-02-27 19:18 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-12 18:09 - 2015-12-22 13:34 - 00001324 _____ C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive.lnk
2016-02-12 18:09 - 2015-12-22 13:34 - 00001312 _____ C:\Users\Laura\Desktop\Amazon Cloud Drive.lnk
2016-02-11 18:20 - 2014-07-23 09:25 - 00000000 ____D C:\Users\Laura\AppData\Local\Amazon Music
2016-02-11 14:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-11 13:05 - 2015-12-20 12:07 - 00000000 ____D C:\Users\Laura
2016-02-11 09:47 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-11 08:45 - 2014-02-26 18:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 08:38 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 17:24 - 2014-08-02 17:17 - 00001240 _____ C:\Users\Laura\Desktop\Amazon Music.lnk
2016-01-30 13:10 - 2014-12-17 20:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-30 13:10 - 2014-12-17 20:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-30 12:20 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 12:20 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 12:20 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 12:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 12:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 12:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 12:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-21 08:00 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 07:59 - 2014-09-01 17:14 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2016-01-06 17:54 - 2016-01-06 17:54 - 0002285 _____ () C:\Users\Laura\AppData\Local\recently-used.xbel
2014-12-25 11:53 - 2015-07-05 10:25 - 0007665 _____ () C:\Users\Laura\AppData\Local\Resmon.ResmonCfg
2014-04-02 14:52 - 2014-04-02 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-02-16 11:24 - 2016-02-16 13:47 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-10-28 15:54 - 2013-10-28 15:54 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-28 15:50 - 2013-10-28 15:51 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-28 15:51 - 2013-10-28 15:52 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-28 15:50 - 2013-10-28 15:50 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-28 15:53 - 2013-10-28 15:54 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-19 12:53

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Laura (2016-02-20 12:57:19)
Running from C:\Users\Laura\Desktop
Windows 10 Home (X64) (2015-12-20 17:31:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1952728211-2621831436-1186278313-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1952728211-2621831436-1186278313-503 - Limited - Disabled)
Guest (S-1-5-21-1952728211-2621831436-1186278313-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1952728211-2621831436-1186278313-1005 - Limited - Enabled)
Laura (S-1-5-21-1952728211-2621831436-1186278313-1001 - Administrator - Enabled) => C:\Users\Laura

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
Amazon Cloud Drive (HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon Cloud Drive (HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Amazon Cloud Drive) (Version: 3.2.1.29 - Amazon.com, Inc.)
Amazon Music (HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Amazon Amazon Music) (Version: 4.1.0.1229 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.17 - DELL)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-7610 Series Printer Uninstall (HKLM\...\EPSON WF-7610 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-7610 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-7610 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glance 2.9 (HKLM-x32\...\Glance_is1) (Version:  - Glance Networks, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.5801 - HRB Technology, LLC.)
Home Designer Suite 2016 (64 bit) (HKLM\...\{C4BAD792-39AE-4A6A-986C-7FB6D660BB95}) (Version: 17.3.1.0 - Chief Architect)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\MyFreeCodec) (Version:  - )
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{588591F5-74D7-4646-87C5-6A07E526F303}) (Version: 12.3.2 - TechSmith Corporation)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Laura\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003E4E26-3803-42F9-B81F-7E005481E203} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {032D23B0-8E9C-4938-9C34-02318E30F0E8} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {09C128BB-7375-44D5-8368-F9F5199C5514} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {0DA2A568-734B-48D3-B697-32E4771A48E3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {19230450-7D50-4B19-AA1B-D251454580A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {20C0F572-0178-435E-99DB-F0AE1B25B1A0} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: {214DAE1B-FF9C-4E32-B51B-4AF09D70749C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {3065CB6B-0AF3-43C3-BD96-4B5A8A2F7FB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {374695C9-73C1-43AF-A714-2C207D7597EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {3B607ED3-59C0-4E66-9051-86F5F315770F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3BE13084-A80A-4A1F-BECB-9CFCDDF645FE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {44F42C3F-37FA-4B2C-A73D-9D955CB9F4BD} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {459E8EC4-24DB-4334-B58C-62EE8A2F5784} - System32\Tasks\PocketCloud => C:\Program
Task: {45C412E3-5BB2-45E7-B2A3-E200EC663C18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {53230E82-AB49-4DCF-B726-AEED7D4B8742} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {538735E5-AB00-4457-9B1C-0EE0D14F829A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {6372D0A7-8D73-4222-BC43-DD9ABC07EA2B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {64C3AB82-EBF8-490F-81D6-5852BFE9691D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {65AE2CC2-43B0-45A9-B3D6-15E7FDAC56A5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {6BFF73A7-6CFB-4A5B-AA11-85BE92F48533} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {6C83B791-881B-41C2-863C-D80324EC1A0F} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1952728211-2621831436-1186278313-1001
Task: {6F8B4D4F-46EC-4984-9277-1CD3F8C2EB17} - System32\Tasks\EPSON WF-7610 Series Invitation {2EE65247-AFA3-4EDA-B4CC-DBA043DA030D} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {705BB41F-30D5-4785-8847-370AFC56CBA4} - System32\Tasks\EPSON WF-7610 Series Invitation {0627C66D-770E-4EE1-A58F-6B1D7BB2CDDD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {70C03D67-E04B-44C4-A051-F66AFCB07833} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {718FB240-F49B-47E7-BCF2-5698B8DF901E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {71C31E04-CB2B-43BC-BE94-2809A7C08DD3} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {722696C1-B570-452A-8157-6F4FF89750A9} - System32\Tasks\EPSON WF-7610 Series Update {2EE65247-AFA3-4EDA-B4CC-DBA043DA030D} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {7759E7DA-9ADA-44CE-AFCE-619C4B6CB5F7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {79EA5F45-8D20-4851-9EC3-24FCC3A1CEAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7A9D5136-0250-4EDC-8F16-8A1C3781D8F1} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {830E5ACB-B657-4CAD-A8C1-6D124A54F0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {8554AAF3-57B1-42B0-88C5-89E36D7083A9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {93DFB1C0-E8C4-43B1-8D50-0C294668E722} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BA0B7D4A-F4A2-48E4-90FB-7CE5D3BBB6CE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {BE87BFF1-B9F0-46A2-B0BC-789597FE9008} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C089B742-DD73-4EFE-BE73-632570E4B5B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {E715D64E-3976-46A1-AF13-76B84369EA46} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {EE8B7D3F-78DC-4847-AF4F-FBF89BC9EB81} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {EED2C801-85D4-4E1C-8A9A-BEC3195958C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {F1F784BC-FE64-41D8-87D0-E83D7FA045B8} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {F458C05B-0F61-4894-B721-ACF63EE22AF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F5C6A5D6-CA98-4039-81C8-0FFAB7D7E81F} - System32\Tasks\EPSON WF-7610 Series Update {0627C66D-770E-4EE1-A58F-6B1D7BB2CDDD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {F6B74F19-16ED-4549-88E7-D252DBE468E8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {F8E1FACA-C269-4C0A-8F8E-1F7F1E1B25D8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-13] (Microsoft Corporation)
Task: {F8E28283-541D-4540-B8CD-360CE7152F36} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {F8E2DF9E-865F-4EF4-AFF3-21479004EB6A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {FF3C3863-14A5-4B94-809F-E2B5517740B8} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {0627C66D-770E-4EE1-A58F-6B1D7BB2CDDD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {2EE65247-AFA3-4EDA-B4CC-DBA043DA030D}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {0627C66D-770E-4EE1-A58F-6B1D7BB2CDDD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{0627C66D-770E-4EE1-A58F-6B1D7BB2CDDD} /F:UpdateWORKGROUP\LAURA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {2EE65247-AFA3-4EDA-B4CC-DBA043DA030D}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{2EE65247-AFA3-4EDA-B4CC-DBA043DA030D} /F:UpdateWORKGROUP\LAURA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleForLaura.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-01 08:55 - 2012-04-26 15:51 - 00040448 _____ () C:\WINDOWS\System32\pdf995mon64.dll
2013-10-28 15:45 - 2012-08-01 14:03 - 00073728 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-21 21:46 - 2013-06-21 21:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-10-28 15:52 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-09-02 09:00 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-21 07:40 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-21 07:40 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 03:40 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-21 07:38 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-21 07:38 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 11:28 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 11:28 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 13:37 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 13:37 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-30 13:22 - 2015-12-30 13:22 - 01984000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\56e105a23acfbb917442d06f65d16852\Windows.UI.ni.dll
2016-01-21 16:56 - 2016-01-21 16:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-18 19:57 - 2015-11-18 19:57 - 00676672 _____ () C:\Users\Laura\AppData\Local\Amazon Cloud Drive\sqlite3.dll
2014-08-15 17:02 - 2014-08-15 17:02 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2014-08-15 17:02 - 2014-08-15 17:02 - 00050688 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll
2014-08-15 17:02 - 2014-08-15 17:02 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2013-10-28 15:51 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-10-28 15:44 - 2012-07-19 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-01-21 16:56 - 2016-01-21 16:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 16:56 - 2016-01-21 16:56 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-03-01 11:20 - 2016-02-20 12:55 - 00046080 _____ () C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2016-02-20 10:31 - 2016-02-20 10:31 - 00541696 _____ () C:\Users\Laura\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\trovi.com -> hxxp://www.trovi.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-06-15 11:30 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20140629_140550.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\StartupApproved\Run: => ""
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4858C7FA-7ED8-4B64-9C43-52C0350F477A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8709494D-EFB8-43CC-A0FC-D36BFC9B1F99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{624C2A04-5A0D-44B3-A9A8-B75A98DD2692}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BFF42FBD-E776-4E44-8751-3904C72F7EDC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5A97F08A-56D5-4E8B-9742-2EADDCBEFCD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B6AA221-8EA9-44FB-8FDF-54B9F149A4CB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B381498A-9B7F-4A01-85C3-62CAD5D4E48B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3F0C9B4A-1FF4-4440-ADFE-E97F336D5D75}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5F32DA9A-6D08-45E2-840F-763C6B618D9B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{751049A2-21A1-4DAE-A07A-BED131BE1CD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{422C7393-5045-416E-B65E-22B9DB1741D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2339B469-AA34-449E-9235-37606E9855A6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D1D5BD9C-34E6-493E-80AB-4E2C39D7586C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FAD71DF7-BAF2-4D1E-A17A-084F1CE3F7CB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{CF7E6E7E-BA0F-4E8A-B2EA-3219554B47E4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{15E15C99-61ED-4C24-AB34-3E460565C5FA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{5B872DD3-2B75-4F2A-BCF3-0323F3A8B40B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{475C187E-C6DB-4AF3-8389-232EAE0A2DFF}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{A5FFB75D-CA69-41F5-AF49-F58EE5AA3652}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{D63FD45D-5189-4774-AEA3-131387C8BD4F}] => (Allow) LPort=1900
FirewallRules: [{9B593DD6-C0F7-4B7F-9158-7EEB5202BF21}] => (Allow) LPort=2869
FirewallRules: [{6C313A99-B684-4716-88FA-614A92466CA2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{06566996-4B88-431E-AB7E-AD4DEDC0AC79}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{4B235689-CA6A-410E-9E37-EFBBD3B9036C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{290742BD-5B05-4BC5-9B58-EABB4A5CDEE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{85277A74-E7B4-415E-A271-C69D51A7BFDA}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{EC3CA05A-44A1-491E-A273-FCF82C7F613F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D1B5B680-9969-42F3-B36F-00309CC91E97}] => (Allow) LPort=8298
FirewallRules: [{93067D65-FE88-4A8D-B1AB-E981DE0717A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00B5F256-A0DA-41DE-81E8-78D779661324}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6422C53C-E46C-4749-A611-9AF8E2414CD8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22EA2006-4F64-40AD-8969-75E25B2155A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E7A2FF3-9410-4D66-B519-07DC264754BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA79A759-442E-4687-AC73-C7F71FD4EBC7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0D2F8FAA-A4AC-4733-9B0B-E74D5B40886C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{68CD750F-68D8-4922-B0DF-17B4DB4C932B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{98C2A2F3-30AE-4406-AC40-FD4E95038868}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EECBAC4A-0FAC-4140-A02F-FC5EAEBFDCCA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C6A51412-F26C-47AE-B269-AA994FFD266C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{345DD255-416C-4C3E-A757-42D2678F0B86}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{850F1404-C9A2-411A-9B97-0ACFCEBCE688}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{0DDA0C72-D667-4B77-B199-0AC68AA283D4}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{79B1AAA7-A6AC-440C-98D3-FB334B902F67}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{BC643494-F9E7-4FDD-8BBF-887F9024C7F9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{B156266C-5928-4CB8-AA95-8A2706A48997}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{D4C72C89-C7B6-495C-8B02-89D6EFD24EB9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{848E2342-E957-4CB3-933A-C4E590C55183}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{4933EA6F-E7AF-40C5-9D68-5DAF04A70A83}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EBE90526-E71B-4408-A848-CB992D8184F9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D4F692DE-28D0-453C-9B8B-A43DAB31AE6E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F5D7490F-55CA-4C1C-9AA3-006D8EC5320B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C5667A7D-2F44-45B3-8A8E-8C3946E99BD6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

10-02-2016 11:04:37 Windows Update
13-02-2016 12:40:07 Windows Update
16-02-2016 11:23:46 Installed TurboTax 2015 wrapper
20-02-2016 11:25:53 Removed Java 8 Update 71

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2016 12:44:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2016 12:20:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Laura.local already in use; will try Laura-2.local instead

Error: (02/20/2016 12:20:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Laura.local. Addr 10.0.0.163

Error: (02/20/2016 12:20:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.163:5353   16 Laura.local. AAAA 2601:05C7:0000:0E51:0000:0000:0000:776F

Error: (02/20/2016 11:25:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/20/2016 10:37:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/16/2016 11:23:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/15/2016 07:08:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 16.201.11370.0, time stamp: 0x56afb8be
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0xbbc
Faulting application start time: 0xMicrosoft.Photos.exe0
Faulting application path: Microsoft.Photos.exe1
Faulting module path: Microsoft.Photos.exe2
Report Id: Microsoft.Photos.exe3
Faulting package full name: Microsoft.Photos.exe4
Faulting package-relative application ID: Microsoft.Photos.exe5

Error: (02/13/2016 12:40:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/11/2016 01:06:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Laura.local already in use; will try Laura-2.local instead


System errors:
=============
Error: (02/20/2016 12:43:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/20/2016 12:39:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4918d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/20/2016 12:39:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4918d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/20/2016 12:39:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4918d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/20/2016 12:39:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4918d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/20/2016 12:39:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/20/2016 12:19:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4c967 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/20/2016 12:19:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4c967 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/20/2016 12:19:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4c967 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/20/2016 12:19:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4c967 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-02-12 03:13:53.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 08:44:59.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 03:16:01.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 13:16:51.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-06 04:46:41.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-29 18:10:49.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-29 16:00:20.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-27 17:20:46.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-27 16:31:56.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-22 04:22:54.373
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 57%
Total physical RAM: 3969.11 MB
Available physical RAM: 1668.41 MB
Total Virtual: 5953.11 MB
Available Virtual: 3348.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.74 GB) (Free:814.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 94C29F78)

Partition: GPT.

==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello Laura B and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. I need a bit of time to analyse your logs and will post back further instructions. :)

  • 0

#3
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Laura B

Lets see if we can get things going again. :)

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> DefaultScope {4DB7723C-24AB-407C-B385-3B140DA45EF2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20140720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {4DB7723C-24AB-407C-B385-3B140DA45EF2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20140720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {52A25C35-7EB3-4875-ABD8-29A6BA0E1EAF} URL =
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=C111US679D20140720&p=
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-20]
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> no filepath
Task: {0DA2A568-734B-48D3-B697-32E4771A48E3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {20C0F572-0178-435E-99DB-F0AE1B25B1A0} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: {3065CB6B-0AF3-43C3-BD96-4B5A8A2F7FB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3B607ED3-59C0-4E66-9051-86F5F315770F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7759E7DA-9ADA-44CE-AFCE-619C4B6CB5F7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {79EA5F45-8D20-4851-9EC3-24FCC3A1CEAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {93DFB1C0-E8C4-43B1-8D50-0C294668E722} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BE87BFF1-B9F0-46A2-B0BC-789597FE9008} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F458C05B-0F61-4894-B721-ACF63EE22AF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Program Files\pcmax
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Junkware Removal Tool

    Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

    Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

    1.Ensure all programs and windows are closed before proceeding.
    2.Simply double-click the program icon to run it. It will ask for administrator privileges.
    3.A black window will appear. Press any key to continue.
    4.Wait for it to finish. It won't take long.
    5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    7. Reboot your machine and enable your anti virus again.


    Step3 - AdwCleaner


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on options - untick Reset proxy settings and Reset winsock settings.
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step4 - Please post the Malwarebytes log form your last scan.
  • Double click on Malwarebytes to open the application.
  • Click on History
  • Click on application logs.
  • under the heading type, locate the latest log called Scan Log and double click to select it.
  • In the next window that opens click Export then select Text file (.txt). Save this to your desktop. You can call the file MBAM.
  • Copy and paste the entire contents of the report into your next reply.


    Things for your next post:
  • fixlog.txt
  • JRT.txt
  • adwCleaner[C*].txt
  • MBAM log
  • How is the computer running now?

  • 0

#4
Laura B

Laura B

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Ok, I followed all the instructions. All the logs requested are pasted below.  One thing I want to note - my son noticed that many of the programs on my computer are 32 bit versions, but my computer is 64 bit. Not sure if this makes any difference.

 

Thanks for all your help.

 

# AdwCleaner v5.035 - Logfile created 21/02/2016 at 09:45:40
# Updated 18/02/2016 by Xplode
# Database : 2016-02-20.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Laura - LAURA
# Running from : C:\Users\Laura\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}

***** [ Web browsers ] *****

[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1660 bytes] ##########
 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Laura (2016-02-21 09:11:38) Run:1
Running from C:\Users\Laura\Desktop
Loaded Profiles: Laura (Available Profiles: Laura)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> DefaultScope {4DB7723C-24AB-407C-B385-3B140DA45EF2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20140720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {4DB7723C-24AB-407C-B385-3B140DA45EF2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US679D20140720&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {52A25C35-7EB3-4875-ABD8-29A6BA0E1EAF} URL =
SearchScopes: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=C111US679D20140720&p=
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-20]
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-1952728211-2621831436-1186278313-1001_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> no filepath
Task: {0DA2A568-734B-48D3-B697-32E4771A48E3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {20C0F572-0178-435E-99DB-F0AE1B25B1A0} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: {3065CB6B-0AF3-43C3-BD96-4B5A8A2F7FB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3B607ED3-59C0-4E66-9051-86F5F315770F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7759E7DA-9ADA-44CE-AFCE-619C4B6CB5F7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {79EA5F45-8D20-4851-9EC3-24FCC3A1CEAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {93DFB1C0-E8C4-43B1-8D50-0C294668E722} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BE87BFF1-B9F0-46A2-B0BC-789597FE9008} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F458C05B-0F61-4894-B721-ACF63EE22AF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Program Files\pcmax
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DB7723C-24AB-407C-B385-3B140DA45EF2}" => key removed successfully
HKCR\CLSID\{4DB7723C-24AB-407C-B385-3B140DA45EF2} => key not found.
"HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52A25C35-7EB3-4875-ABD8-29A6BA0E1EAF}" => key removed successfully
HKCR\CLSID\{52A25C35-7EB3-4875-ABD8-29A6BA0E1EAF} => key not found.
"HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} => key not found.
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "Keyword.URL" removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml => moved successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
mfeelamk => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
"HKU\S-1-5-21-1952728211-2621831436-1186278313-1001_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DA2A568-734B-48D3-B697-32E4771A48E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DA2A568-734B-48D3-B697-32E4771A48E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20C0F572-0178-435E-99DB-F0AE1B25B1A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20C0F572-0178-435E-99DB-F0AE1B25B1A0}" => key removed successfully
C:\WINDOWS\System32\Tasks\pcreg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3065CB6B-0AF3-43C3-BD96-4B5A8A2F7FB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3065CB6B-0AF3-43C3-BD96-4B5A8A2F7FB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B607ED3-59C0-4E66-9051-86F5F315770F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B607ED3-59C0-4E66-9051-86F5F315770F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7759E7DA-9ADA-44CE-AFCE-619C4B6CB5F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7759E7DA-9ADA-44CE-AFCE-619C4B6CB5F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79EA5F45-8D20-4851-9EC3-24FCC3A1CEAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79EA5F45-8D20-4851-9EC3-24FCC3A1CEAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93DFB1C0-E8C4-43B1-8D50-0C294668E722}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93DFB1C0-E8C4-43B1-8D50-0C294668E722}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE87BFF1-B9F0-46A2-B0BC-789597FE9008}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE87BFF1-B9F0-46A2-B0BC-789597FE9008}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F458C05B-0F61-4894-B721-ACF63EE22AF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F458C05B-0F61-4894-B721-ACF63EE22AF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"C:\Program Files\pcmax" => not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state off =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 272.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:12:17 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by Laura (Administrator) on Sun 02/21/2016 at  9:24:40.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\Users\Laura\AppData\Local\packageaware (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\myfree codec (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/21/2016 at  9:27:13.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v5.035 - Logfile created 21/02/2016 at 09:45:40
# Updated 18/02/2016 by Xplode
# Database : 2016-02-20.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Laura - LAURA
# Running from : C:\Users\Laura\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}

***** [ Web browsers ] *****

[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1660 bytes] ##########
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/20/2016
Scan Time: 11:39 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.20.02
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Laura

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386328
Time Elapsed: 16 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.log;, Quarantined, [955de57d93061224182ba0a515ef2ad6]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit, C:\Temp\embededstub_new2.exe, Quarantined, [aa48481a960315212cea16168779a35d],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#5
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Laura B
 

many of the programs on my computer are 32 bit versions, but my computer is 64 bit.


That's perfectly normal. 32 bit programs will run quite happily on a 64 bit version system. :)

I would like you to run Malwarebytes again, this time with the Search for Rootkits option enabled.


Step1 - Malwarebytes


Launch Malwarebytes Anti-Malware
[The MBAM dashboard may appear with an alert to update - click the button Fix Now;

Navigate to the Settings tab > Detection and Protection and ensure ALL the boxes under Detection Options are checked.

MBAM_settings_zps3dey1yqg.jpg

Return to the Dashboard click on Scan Now;

MBAM_scan_zpsoqfjupkt.jpg

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.


Step2 - ESET scan


Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG
  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Things for your next post:
  • MBAM log
  • ESET log
  • How is your computer running now?

  • 0

#6
Laura B

Laura B

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Okay, so I followed all your instructions and the logs are pasted below. However, I do want to let you know a few things I did since my last posting. Computer was still sporadically slow and Norton kept getting hung up. So, I uninstalled Norton and reinstalled it. I also reinstalled Google Chrome. While I was uninstalling, I cleaned out a few other items that I don't use anymore or think I may need an updated version anyway, like Snagit and Amazon Cloud.  However, I could not get Amazon Cloud to uninstall. I could force it to stop and it appeared to uninstall but then it would just come back when I rebooted my computer. I tried to use CCleaner and Norton to uninstall it and to stop it from Startup, but would still come back. Found the Revo Uninstaller on the site and used that, which seems to have worked, but I suspect there are still a few lingering files since I got a message at my last reboot that said something was not able to start. That error did have a detail log (titled Platform Version Info) which I pasted at the end of this post. Looks like Amazon Cloud!  Anyway, computer is much faster now.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/22/2016
Scan Time: 1:43 PM
Logfile: MBAM 2.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.22.05
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Laura
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378693
Time Elapsed: 16 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c9dc2040cd7c7241a4eabbc0ac5c11ed
# end=init
# utc_time=2016-02-22 07:13:05
# local_time=2016-02-22 02:13:05 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28251
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c9dc2040cd7c7241a4eabbc0ac5c11ed
# end=updated
# utc_time=2016-02-22 07:15:55
# local_time=2016-02-22 02:15:55 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c9dc2040cd7c7241a4eabbc0ac5c11ed
# engine=28251
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-22 08:28:55
# local_time=2016-02-22 03:28:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 218679520 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 9061878 0 0
# scanned=262623
# found=21
# cleaned=0
# scan_time=4379
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=22D72360BFE9AA4C456BB3B04E1353276ADC51D4 ft=1 fh=058f6640cbb7b14e vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files\Family Tree Maker 2014\FTM2014SfxPatch64.exe"
sh=626A8BFDE566A47CF8E844A0E43552BE7789EB6B ft=1 fh=92a716713397c90b vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files\Family Tree Maker 2014\hstart.exe"
sh=626A8BFDE566A47CF8E844A0E43552BE7789EB6B ft=1 fh=92a716713397c90b vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files\Family Tree Maker 2014\hstartRt.exe"
sh=E6BC489B8ED073FFCD78A4CEAEA6D294A03AF24C ft=1 fh=7468968bc4b25304 vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\xfin_portal\comcastdx.dll"
sh=270D6C0E56091F2ACF8A675012C216932F44C1CA ft=1 fh=6baa270008143a42 vn="a variant of Win64/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\xfin_portal\comcastdx64.dll"
sh=ABDDE3AF9ED8BF51B6A2FBD4294E346C85B57DC1 ft=1 fh=410e587c67a2ec37 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\xfin_portal\comcasttb.dll"
sh=31F709955DE64FF4193FC9389848F654AA457288 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res"
sh=31F709955DE64FF4193FC9389848F654AA457288 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res"
sh=91352F7C0C03DBAFE73A9D7B2539C7B346EF9582 ft=1 fh=50f3aee05957228d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Laura\Downloads\ccsetup514.exe"
sh=02F18375EF776089296105D8ED756BA018D84DF9 ft=1 fh=7a126cbe48eb4780 vn="a variant of Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\06152014_112636\C_Program Files\pcmax\pcmax.exe"
sh=038AF16619CFB2102B38C8F0D187E14DB7EF1AEA ft=1 fh=0e796303eff9f02f vn="Win32/Conduit.SearchProtect.T potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\06152014_112636\C_Program Files\pcmax\service.exe"
 
 
PLATFORM VERSION INFO
Windows : 10.0.10586.0 (Win32NT)
Common Language Runtime : 4.0.30319.42000
System.Deployment.dll : 4.6.1038.0 built by: NETFXREL2
clr.dll : 4.6.1063.1 built by: NETFXREL3STAGE
dfdll.dll : 4.6.1038.0 built by: NETFXREL2
dfshim.dll : 10.0.10586.0 (th2_release.151029-1700)
 
SOURCES
Deployment url : file:///C:/Users/Laura/AppData/Roaming/Microsoft/Windows/Start%20Menu/Programs/Startup/Amazon%20Cloud%20Drive.appref-ms%7C
 
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms| resulted in exception. Following failure messages were detected:
+ Activation failed.
+ The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
 
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
 
WARNINGS
There were no warnings during this operation.
 
OPERATION PROGRESS STATUS
* [2/22/2016 1:37:02 PM] : Activation of C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms| has started.
* [2/22/2016 1:37:02 PM] : Performing necessary update check as specified by the deployment.
 
ERROR DETAILS
Following errors were detected during this operation.
* [2/22/2016 1:37:03 PM] System.Deployment.Application.DeploymentException (Activation)
- Activation failed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.ComponentStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.SubscriptionStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.ApplicationActivator.Activate(DefinitionAppId appId, AssemblyManifest appManifest, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.ApplicationActivator.ProcessOrFollowShortcut(String shortcutFile, String& errorPageUrl, TempFile& deployFile)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.IO.FileNotFoundException
- The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.NativeMethods.CorLaunchApplication(UInt32 hostType, String applicationFullName, Int32 manifestPathsCount, String[] manifestPaths, Int32 activationDataCount, String[] activationData, PROCESS_INFORMATION processInformation)
at System.Deployment.Application.ComponentStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)
 
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
 

  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Laura B

Thanks for the update and pleased to hear the system seems to be faster now. :)

There are a couple of remnants of the Amazon Cloud which is trying to start up where you are getting the error so we'll remove them with FRST. Then I want you to run xbootmgr which should boost the performance and help windows 10 run as it should.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
C:\Program Files\Family Tree Maker 2014
C:\Program Files (x86)\xfin_portal
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
C:\Users\Laura\Downloads\ccsetup514.exe
C:\Users\Laura\AppData\Local\Amazon Cloud Drive
(Amazon Digital Services, LLC.) C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Sun Microsystems, Inc.) C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [Amazon Cloud Drive] => C:\Users\Laura\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [2017568 2016-02-11] (Amazon.com Inc.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2016-02-20] ()
C:\Users\Laura\AppData\Local\Apps\2.0
C:\Users\Laura\AppData\Local\Amazon Cloud Drive
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - xbootmgr


    Download the SDK web installer from here
    Run the installer and select the following:

    Leave the location to default
    wdk%20location.JPG

    Windows Performance Toolkit
    Wintoolkitselect.JPG

    You must reboot on completion of the install

    After reboot set aside about 30 minutes when you will not need the computer

    To turn UAC off

    1.Open User Account Control Settings by clicking the Start button , and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
    2.Do the following: To turn off UAC, move the slider to the Never notify position, and then click OK.


    When ready start an elevated command prompt :

    Go Start > All Programs > Accessories
    Right click Command Prompt and select Run as Administrator

    Then copy and paste the following command into the black box :

    xbootmgr -trace boot -prepSystem -verboseReadyBoot

    sdk%20command.JPG

    Now your PC will be restarted 6 times. With a two minute pause before the tool runs after the desktop loads
    After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster
    The last Reboots are training of readyBoot. After the training is finished, you'll notice a huge improvement in startup.

    To turn UAC on

    1.Open User Account Control Settings by clicking the Start button , and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
    2.Do the following: To turn on UAC, move the slider to the notify me (default) position, and then click OK.


    Things for your next post:
  • fixlog.txt
  • How is the computer running now?

  • 0

#8
Laura B

Laura B

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

I ran the FRST and the log is pasted below.  I followed the directions for the xbootmgr but it keeps getting stuck at the 2nd reboot.  I've tried leaving it overnight, but still stuck there. I tried closing it an rebooting again - it will start the process but then again will get stuck on Preparing System.  I now do not know how to stop the process. Suggestions?

 

Computer is running okay and seems a bit faster although I have not done a whole lot yet, other then come out to this forum, since this last process is getting stuck.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Laura (2016-02-22 19:56:57) Run:2
Running from C:\Users\Laura\Desktop
Loaded Profiles: Laura (Available Profiles: Laura)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
C:\Program Files\Family Tree Maker 2014
C:\Program Files (x86)\xfin_portal
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
C:\Users\Laura\Downloads\ccsetup514.exe
C:\Users\Laura\AppData\Local\Amazon Cloud Drive
(Amazon Digital Services, LLC.) C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Sun Microsystems, Inc.) C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\...\Run: [Amazon Cloud Drive] => C:\Users\Laura\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [2017568 2016-02-11] (Amazon.com Inc.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2016-02-20] ()
C:\Users\Laura\AppData\Local\Apps\2.0
C:\Users\Laura\AppData\Local\Amazon Cloud Drive
EmptyTemp:
*****************
 
Restore point was successfully created.
C:\Program Files\Family Tree Maker 2014 => moved successfully
C:\Program Files (x86)\xfin_portal => moved successfully
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F} => moved successfully
C:\Users\Laura\Downloads\ccsetup514.exe => moved successfully
"C:\Users\Laura\AppData\Local\Amazon Cloud Drive" => not found.
C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe => No running process found
C:\Users\Laura\AppData\Local\Apps\2.0\OVG7B4O8.MJR\0OE0RBP6.GM5\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe => No running process found
HKU\S-1-5-21-1952728211-2621831436-1186278313-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Amazon Cloud Drive => value removed successfully
C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms => moved successfully
C:\Users\Laura\AppData\Local\Apps\2.0 => moved successfully
"C:\Users\Laura\AppData\Local\Amazon Cloud Drive" => not found.
EmptyTemp: => 225 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:57:25 ====

  • 0

#9
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Laura b

the 2nd reboot is the longest. I ran one on my win10 machine and it took around 7 hours.

Try running it again and leave to run.
  • 0

#10
Laura B

Laura B

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

I've left it for 24 hours and it still is not done. I've attached a screenshot of what it says. Suggestions?

 

 


  • 0

#11
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Laura b

That doesn't sound right. If you can open up an elevated command prompt type in xbootmgr -remove. Then return.

There is a space between xbootmgr and the -.

See how that goes and if it stops it.
  • 0

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Virus, Malware, infected

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP